Forum

A review question in the CWSP Official Study Guide (Sybex, 2010) caught my eyes: a simple question about encryption methods.

[i]Which of these encryption technologies have been cracked? (Choose all that apply.)

(A) 64-bit WEP

(B) TKIP/RC4

(C) CCMP/AES

(D) 128-bit WEP

(E) Wired Equivalent Privacy[/i]

You will definitely pick up the options (A), (D), and (E) at first glance, right? Since WEP has been cracked and considered no longer a secure encryption method.

If you did so, well, you made the look-like right choice.

Why 'look-like'? Because the answers to this question according to the study guide are (A), (D), and (E).

But wait. How about the option (B)?

TKIP/RC4 is a good choice for Wi-Fi devices not supporting the advanced CCMP/AES encryption. But [url=http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html?page=1]WPA-TKIP was cracked[/url] last August by Japanese scientists. They demonstrated a practical attack that could crack TKIP in just one minute.

Both of [url=http://www.h-online.com/security/news/item/WEP-and-TKIP-Wi-Fi-encryption-methods-to-be-discontinued-1024835.html]WEP and WPA-TKIP will be removed from the Wi-Fi Alliance's test schedule[/url] over the following years. Enterprises will be forced to upgrade to WPA2-AES finally.

Back to the review question. So the option (B) will also be added to the answer list, I guess?

My suggestion: as a CWNP candidate, paying attention to industry news/updates is equally important.

My question: if such a question appears in real CWNP exams, how to deal with it?