One year after a vulnerability in the Wi-Fi Protected Access encryption algorithm was reported, a proof-of-concept program for the attack has been released.
The attack affects only Wi-Fi networks using WPA in pre-shared key mode. It is a dictionary attack, meaning that it cycles through a list of words and combinations of words attempting to find one that matches the data on the network. Longer, more random passwords or passphrases, and enterprise implementations that use external authentication systems, are not affected by the vulnerability.
The group that released the crack program, Tinypeap, writes Wi-Fi-related software, including a small RADIUS server for certain Linksys routers.
The company also wrote a white paper that explains how the crack works and criticizes WPA for broadcasting the data needed to create and verify a session key. This is the information that the program subjects to the dictionary attack. The white paper also recommends using the company's Tinypeap RADIUS server as a solution to the problem.
The white paper notes that the Wi-Fi Alliance recommends a passphrase of at least 20 characters, preferably with some non-dictionary words in it. For example, "Red Sox are number 1!" is at the outer edge of weak length and has weak contents, but "Sox rule, Yankees drule, boo-yah!" would likely not be matched by a dictionary attack.
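As an added illustration (not code from Tinypeap or its white paper), the sketch below audits a passphrase against the guidance above and shows the standard IEEE 802.11i passphrase-to-key mapping, which depends only on the passphrase and the SSID. The function names, the SSIDs and the small wordlist are assumptions constructed for this example.

```python
import hashlib
import re

# Constructed sample wordlist; a real audit would load a full dictionary file.
SAMPLE_WORDS = {"red", "sox", "are", "number", "rule", "yankees", "boo"}
MIN_RECOMMENDED_LEN = 20  # Wi-Fi Alliance recommendation cited in the article


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256-bit key."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def audit_passphrase(passphrase: str, words=SAMPLE_WORDS) -> dict:
    """Report length and which alphabetic tokens fall outside the wordlist."""
    tokens = re.findall(r"[a-z]+", passphrase.lower())
    unknown = [t for t in tokens if t not in words]
    return {
        "length": len(passphrase),
        "meets_length": len(passphrase) >= MIN_RECOMMENDED_LEN,
        "unknown_words": unknown,
        # True only when every alphabetic token is a known dictionary word.
        "dictionary_only": bool(tokens) and not unknown,
    }


if __name__ == "__main__":
    for candidate in ("Red Sox are number 1!", "Sox rule, Yankees drule, boo-yah!"):
        print(candidate, audit_passphrase(candidate))
    # The key is a fixed function of passphrase and SSID (constructed SSID here),
    # so nothing but the passphrase's unpredictability protects it.
    print(derive_psk("Red Sox are number 1!", "ExampleNet").hex())
```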