German malware researchers Erik Tews and Martin Beck are due to give a presentation next week at the PacSec conference on a crack of WPA, a wireless encryption protocol.
The crack comes out of the researchers' work on hacking WEP, a protocol now famed for being a bit rubbish. However, WPA up until now had been considered more secure.
I contacted Erik Tews today to ask him about his research. He told me by email that Martin Beck had had the idea for the crack in 2007. I'll hand you over to Tews:
"The attack is basically a modified chopchop attack. Chopchop is a very old attack on WEP, which allows the decryption of a single packet in a WEP-protected network without recovering the secret key. Martin Beck found out that the attack can be modified to work against [Temporal Key Integrity Protocol (used in WPA)] protected networks. Here, a client system is used as a kind of oracle to find out information about the plaintext of packets and about keys used.
[The attack] does not depend on the strength of the password used in the network and is not a dictionary attack.
WPA is not [completely compromised]. The attack only allows decryption at a rate of 1 byte of plaintext per minute, and the rate of packets which can be sent is similarly low, like 1-4 packets per minute."
So there you have it -- the first cracks in the WPA dam? We shall see next week after the researchers' presentation.