You probably noticed that I have some delays in reporting news. This month was rather busy for me. I could not avoid to say some words about WPA attack.
Ars Technica made an excellent coverage of the attack. In addition, they provide a short history of the Wifi encryption story.
Are we safe? I am sure that you are all using WPA2 or at least WPA with AES. In that case, you are perfectly safe. The attack works on TKIP without AES and only for short packets. That means it is not possible to decrypt a complete normal stream WPA protected. Nevertheless, the attack is a first hit to WPA. The attack was extremely clever and required a deep knowledge of the different 802.11 flavors.
Some people may question the interest of attacking a protocol that is quasi obsolete in the field (hopefully, most Wifi networks should be WPA2 and AES). Any exploit is a new lesson on how a protocol is attacked. Next generation of protocols should be resistant to this type ofg exploits. Thus, it is always useful to increase the knowledge in security, and widen the database of attacks.
Probably a topic for next newsletter.