• Hi,

    I read in a lot of places that WPS (Wi-Fi Protected Setup) is flawed and should not be used. It is vulnerable to a brute-force attack. It was cracked in Dec 2011.

    What is your opinion?

    Thanks and regards,

    Pravin Goyal

  • The original WPS was definitely flawed. Obviously, the WFA did not learn from the IEEE's humongous blunder in their design of WEP.

    The few Linux programs I have seen, meant to crack WPS, cannot discriminate between older and newer versions of WPS.

  • Pravin and Howard,

    Reaver is a hacking tool that can be used to get the WPS password. 

    Here is one of many links that tell how to use Reaver:

    Personally, I do not think WLAN professionals should ever be using WPS.  For my friends (when I set up the occasional autonomous SOHO AP/router for a friend...), I always look to see if WPS can be turned OFF if possible and advise my friends to not use it. 

    I do not think any enterprise APs even list WPS as an option (I may be wrong, however...).  If you do set up an enterprise AP and see WPS listed, I would highly suggest you disable this feature, due to the pretty easy way to get the WPS security info through Reaver. 

    And totally agree with Howard--WPS flaws have never been fixed. 

  • The Reaver I have incorrectly identifies the WPS version. All are identified as version 1, and it can't decode newer versions. Do you know of a Reaver that works correctly?

  • The sad part is how I have seen so many brands, mostly SOHO, that like to brag about it. "Push button WPS!!! Best thing since sliced bread!"

  • IF, and that's a big IF, both sides of your infrastructure have Version 2 of WPS, and you can truly disable it on your AP, it's probably ok.

    Version 1, forget it.

  • Howard,

    Do you have any links for WPS version 2? I have looked extensively for links and info on ver 2, and all I have been able to find is that version two was planned. Including the specific fixes WPA ver 2 corrects? Additionally, is there any way to determine if an AP has version 2?

  • Sorry. I don't.

    But a protocol analyzer would show some new fields...
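    As an added illustration of what those "new fields" look like (example code written for this thread, not something posted by Howard or shipped with Reaver): the WPS information element in a beacon or probe response is a vendor-specific IE carrying 16-bit TLV attributes; WPS 1.0 devices only carry the Version attribute (0x104A), while WPS 2.0 devices also carry a Wi-Fi Alliance Vendor Extension (0x1049) whose Version2 subelement reads 0x20. The parser below lets you check your own AP's beacons for whether WPS is still advertised, which version it claims, and whether the AP reports its setup as locked; the sample IE blobs are constructed, not real captures.

```python
import struct

WPS_OUI_TYPE = b"\x00\x50\xf2\x04"   # vendor-specific IE: OUI 00:50:F2, type 4 = WPS
WFA_VENDOR_ID = b"\x00\x37\x2a"      # Wi-Fi Alliance id at the start of a Vendor Extension
ATTR_VERSION = 0x104A                # 1 byte, 0x10 = WPS 1.0
ATTR_STATE = 0x1044                  # 1 byte, 1 = not configured, 2 = configured
ATTR_VENDOR_EXT = 0x1049             # WFA subelements live here, including Version2
ATTR_AP_SETUP_LOCKED = 0x1057        # 1 byte, 1 = AP refuses further PIN registration
SUBELEM_VERSION2 = 0x00              # 1-byte id, 1-byte len, value 0x20 = WPS 2.0

def parse_wps_attrs(payload):
    """Decode the 16-bit id / 16-bit length TLVs of a WPS IE body."""
    attrs, off = {}, 0
    while off + 4 <= len(payload):
        attr_id, length = struct.unpack_from(">HH", payload, off)
        off += 4
        if off + length > len(payload):
            break                    # truncated attribute: stop, never over-read
        attrs[attr_id] = payload[off:off + length]
        off += length
    return attrs

def wps_summary(ies):
    """Walk the 802.11 IE blob (id, len, data ...) of a beacon or probe response.
    Returns a dict describing the WPS IE, or None if the AP does not advertise WPS."""
    off = 0
    while off + 2 <= len(ies):
        eid, elen = ies[off], ies[off + 1]
        body = ies[off + 2:off + 2 + elen]
        off += 2 + elen
        if eid != 0xDD or not body.startswith(WPS_OUI_TYPE):
            continue
        attrs = parse_wps_attrs(body[len(WPS_OUI_TYPE):])
        byte = lambda aid: attrs[aid][0] if attrs.get(aid) else None
        ver = byte(ATTR_VERSION) or 0x10
        ext = attrs.get(ATTR_VENDOR_EXT, b"")
        if ext.startswith(WFA_VENDOR_ID):      # WPS 2.0 devices announce Version2 here
            sub, i = ext[3:], 0
            while i + 2 <= len(sub):
                sid, slen = sub[i], sub[i + 1]
                if sid == SUBELEM_VERSION2 and slen == 1:
                    ver = sub[i + 2]
                i += 2 + slen
        return {"version": "%d.%d" % (ver >> 4, ver & 0xF),
                "configured": byte(ATTR_STATE) == 2,
                "setup_locked": byte(ATTR_AP_SETUP_LOCKED) == 1}
    return None

# Constructed sample IE blobs (SSID "home" followed by a WPS IE); not real captures.
WPS2_AP = bytes.fromhex("0004686f6d65 dd1d0050f204 104a000110 1044000102 1057000100 10490006 00372a 000120")
WPS1_AP = bytes.fromhex("0004686f6d65 dd0e0050f204 104a000110 1044000102")
NO_WPS_AP = bytes.fromhex("0004686f6d65 010182")
```

Feed it the IE portion of a beacon captured from your own AP after turning WPS off: if `wps_summary` still returns a dict, the "disable" setting did not actually remove the IE.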

  • I would recommend switching back to Reaver 1.3 instead of 1.4; it is a bit more complex, but at least you can get WPS cracked.

  • Seems unlikely, considering new fields and algorithms.
