Recently I answered a question on security.stackexchange.com regarding security in wireless protocols. The OP wanted to know more about what methods were available to break into a wireless network and how long it would take. There are several types possibilities of encryption:
WEP uses the RC4 encryption algorithm, which is known as a stream cipher. A stream cipher operates by expanding a short key into an infinite pseudo-random key stream. The sender XORs the key stream with the plaintext to produce ciphertext. The receiver has a copy of the same key, and uses it to generate identical key stream. XORing the key stream with the ciphertext yields the original plaintext.This mode of operation makes stream ciphers vulnerable to several attacks. If an attacker flips a bit in the ciphertext, then upon decryption, the corresponding bit in the plaintext will be flipped. Also, if an eavesdropper intercepts two ciphertexts encrypted with the same key stream, it is possible to obtain the XOR of the two plaintexts. Knowledge of this XOR can enable statistical attacks to recover the plaintexts. The statistical attacks become increasingly practical as more ciphertexts that use the same key stream are known. Once one of the plaintexts becomes known, it is trivial to recover all of the others. WEP has defenses against both of these attacks. To ensure that a packet has not been modified in transit, it uses an Integrity Check (IC) field in the packet. To avoid encrypting two ciphertexts with the same key stream, an Initialization Vector (IV) is used to augment the shared secret key and produce a different RC4 key for each packet. The IV is also included in the packet. However, both of these measures are implemented incorrectly, resulting in poor security. The integrity check field is implemented as a CRC-32 checksum, which is part of the encrypted payload of the packet. However, CRC-32 is linear, which means that it is possible to compute the bit difference of two CRCs based on the bit difference of the messages over which they are taken. In other words, flipping bit n in the message results in a deterministic set of bits in the CRC that must be flipped to produce a correct checksum on the modified message. Because flipping bits carries through after an RC4 decryption, this allows the attacker to flip arbitrary bits in an encrypted message and correctly adjust the checksum so that the resulting message appears valid. The initialization vector in WEP is a 24-bit field, which is sent in the cleartext part of a message. Such a small space of initialization vectors guarantees the reuse of the same key stream. A busy access point, which constantly sends 1500 byte packets at 11Mbps, will exhaust the space of IVs after 15008/(1110^6)*2^24 = ~18000 seconds, or 5 hours. (The amount of time may be even smaller, since many packets are smaller than 1500 bytes.) This allows an attacker to collect two ciphertexts that are encrypted with the same key stream and perform statistical attacks to recover the plaintext. Worse, when the same key is used by all mobile stations, there are even more chances of IV collision. For example, a common wireless card from Lucent resets the IV to 0 each time a card is initialized, and increments the IV by 1 with each packet. This means that two cards inserted at roughly the same time will provide an abundance of IV collisions for an attacker. (Worse still, the 802.11 standard specifies that changing the IV with each packet is optional!) Another interesting paper was published by aircrack-ng, creators of one of the widest used wireless penetration testing tools, named "Practical attacks against WEP and WPA".
TKIP implements a more sophisticated key mixing function for mixing a session key with an initialization vector for each packet. This prevents all currently known related key attacks because every byte of the per packet key depends on every byte of the session key and the initialization vector. Additionally, a 64 bit Message Integrity Check (MIC) named MICHAEL is included in every packet to prevent attacks on the weak CRC32 integrity protection mechanism known from WEP. To prevent simple replay attacks, a sequence counter (TSC) is used which allows packets only to arrive in order at the receiver.There are two attacks known against TKIP:
Key = PBKDF2(HMAC−SHA1,passphrase, ssid, 4096, 256)The algorithm takes the type of HMAC to be used, the passphrase, the ssid as salt, the amount of iterations the password will be hashed and the final length of the generated hash. Considering this algorithm is meant to prevent hashed passwords from being broken it can take a huge amount of time. The only reasonable attack would be to use a dictionary attack (hence it is important to use long passwords containing characters, numbers and letters). Also note that you need to change your SSID to something very random. Rainbow tables have been generated for the top 1000 used SSIDs. Which can reduce attack time significantly. WPA also supports AES (which can be used instead of RC4). While AES is more secure than RC4 the biggest problem of WPA is still present, namely the integrity check is still done using TKIP-MIC.