It’s been all over the news since yesterday: »WPA2 Wifi-Encryption is broken.« German news stations are asking people not to do online banking via Wifi (that’s nonsense, but more about that later).
So what is WPA2? Wifi connections are connections over the air, radio signals in the 2.4 GHz and 5 GHz bands. Because radio waves propagate everywhere around the antenna, anybody can listen in on them. In order to give the over-the-air piece of the Internet connection some privacy, a simple encryption protocol was cooked up: WEP. The WE in WEP stood for “Wired Equivalent”, so the encryption wasn’t supposed to be milspec, it was supposed to give privacy comparable to a wire.
WEP was broken a long time ago, and it has not provided much of anything for a decade now. The successor protocols were WPA and, later, WPA2. WPA2 was actually proven to be correct and secure, and that proof remarkably still stands.
So how is that possible?