It is also possible to crack WPA-2 networks, quickly and easily if WPS is enabled (mere hours), longer (or more costly) if it is not. I think it would be trivial to argue in court that if you have wifi, it's a reasonable argument that your wifi might have been hacked and hijacked.
Citation needed here I feel.
All of the WPA attack methods I can find work on the basis of using precomputed SSID/Password combinations, sniffing the handshake and comparing against the list.
I've personally seen this used to crack a WPA2 network in < 2 hours. However, this isn't a problem with WPA, and disabling WPS renders this attack vector useless. Though, as noted in the white-paper, some routers are intelligent enough to slow the attack down.
Yes, the 4-way handshake needs to be captured, and can be compared to a rainbow table (fast); however (and if I understand correctly), if it is not in the table you can then throw computing power at it to brute-force it (slowly).
Yes, it's really slow, and would take practically forever for any reasonably long/secure passkey, but it is possible and only going to get easier as time goes on. I think it gives anyone with a wireless network an 'out' by being able to say they must have been hacked, either because they left WPS on or used a simple short passkey.
However, I really have no idea if that would actually hold up in court.