WPA "Crack" as per Steve Gibson

Technical press has recently printed headlines such as:

"No longer safe: WPA encryption cracked in 12 to 15 minutes" - ZDNet
"Once Thought Safe, WPA Wi-Fi Encryption Is Cracked" - PCWorld
"Researchers Crack WPA Wi-Fi Encryption" - Slashdot
"WPA cracked in 15 minutes or less, or your next router's free" - engadget

However, the details seem to indicate a much more limited vulnerability.

The "crack" is limited as follows:

  1. Access points running QoS (or WMM - Wireless MultiMedia)
  2. Small control packets such as ARP packets
  3. Only traffic using TKIP
  4. Only packets from the access point
  5. Requires 12 minutes, and fails if the group key is renewed during that 12-minute period

No data decryption is actually involved. However, if TKIP is being used, a DoS attack is possible by generating packets with correct checksums but erroneous packet authentication info (Message Integrity Code values).

Recommendations:
  1. Disable TKIP if possible (use AES)
  2. Disable QoS (and/or WMM) to prevent replay attacks if possible
  3. Configure to reduce the group key renewal period to less than 12 minutes
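
The three recommendations above, expressed as an automated configuration check (an added example, not part of the original post). It assumes the access point is driven by a hostapd-style key=value file and uses hostapd's option names wpa_pairwise, rsn_pairwise, wmm_enabled and wpa_group_rekey; both sample configs are constructed.

```python
# Audit a hostapd-style config against the three recommendations in the text.
# Assumption: hostapd option names; the original post names no specific product.
ATTACK_WINDOW_S = 12 * 60  # the 12 minutes the attack needs, per the text

# Constructed sample configs, not taken from any real access point.
WEAK_CONF = """\
wpa=1
wpa_pairwise=TKIP CCMP
wmm_enabled=1
wpa_group_rekey=3600
"""
HARDENED_CONF = """\
wpa=2
rsn_pairwise=CCMP
wmm_enabled=0
wpa_group_rekey=600
"""

def parse_conf(text):
    """Return {key: value} from key=value lines, skipping '#' comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings; an empty list means all three checks pass."""
    conf = parse_conf(text)
    findings = []
    # Recommendation 1: no pairwise cipher list may still offer TKIP.
    for key in ("wpa_pairwise", "rsn_pairwise"):
        if "TKIP" in conf.get(key, "").upper().split():
            findings.append(f"{key} allows TKIP; use CCMP (AES) only")
    # Recommendation 2: QoS/WMM should be off where that is possible.
    if conf.get("wmm_enabled") == "1":
        findings.append("wmm_enabled=1; disable QoS/WMM if possible")
    # Recommendation 3: group key must be renewed inside the attack window.
    rekey = conf.get("wpa_group_rekey", "")
    if not rekey.isdigit() or not 0 < int(rekey) < ATTACK_WINDOW_S:
        findings.append(f"wpa_group_rekey={rekey or 'unset'}; set below {ATTACK_WINDOW_S} s")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "OK")
```

A mixed-mode cipher list such as "TKIP CCMP" is flagged as well, since clients may still negotiate TKIP.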

Also, since WPA is susceptible to brute force attacks, you can use Steve Gibson's key generation site www.grc.com/passwords - I am paranoid enough to generate the password/key on a network other than the one that uses the external router I'm getting the key for.
