> Do you have a source or paper I can take a look at on
> the WPA2 cracking?
Google: Reaver
Reaver is not a direct crack of WPA/WPA2 itself. Rather, Reaver recovers
WPA/WPA2 keys by cracking the WPS (WiFi Protected Setup) service. The
usual Linux boot/crack ISOs now include Reaver. Brute-forcing the WPS
service takes ~9 hours (for a guaranteed return of the WPA/WPA2 keys).
Sadly, the WiFi Alliance requires that anyone wishing to use the term "WiFi"
or the B&W "WiFi" logo ... MUST implement WPS ... and it MUST be "On" by
default. Ergo, most of the WiFi routers are vulnerable.
Even worse, Linksys routers have a radio-button to disable WPS ... but it
does NOT disable WPS. Good grief.
Last time I checked (~4 months ago), most of the WiFi router vendors had
not updated their firmware to address this vulnerability.
- Apple did a good job of implementing WPS for their Airport family - not vulnerable.
- DD-WRT is not vulnerable (because it does not support WPS)
Another possible workaround that I have not verified ... set the TKIP renegotiation
interval to less than 60 secs.
Last edited by gqZJzU4vusf0Z2,$d7; Apr 11, 2013 at 10:07 am
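As an added defender-side check (example code, not part of the post above): since a router's "disable WPS" switch may not actually turn WPS off, the reliable way to verify is to look at what the AP advertises. This parses the tagged parameters of a captured beacon or probe response, finds the WPS vendor-specific IE (OUI 00:50:F2, type 4) and reports the WPS state and lockout flags it carries. The two sample frames are constructed; the attribute type codes are the standard WPS ones.

```python
import struct

WPS_OUI_TYPE = b"\x00\x50\xf2\x04"   # vendor-specific IE: OUI 00:50:F2 + type 4 = WPS
ATTR_VERSION = 0x104A
ATTR_WPS_STATE = 0x1044              # 1 = not configured, 2 = configured
ATTR_AP_SETUP_LOCKED = 0x1057        # AP currently refuses external-registrar PIN attempts
ATTR_SELECTED_REGISTRAR = 0x1041

def parse_wps_attrs(body):
    """Parse the big-endian TLV attributes inside a WPS IE (after OUI+type)."""
    attrs, off = {}, 0
    while off + 4 <= len(body):
        atype, alen = struct.unpack_from(">HH", body, off)
        off += 4
        if off + alen > len(body):
            raise ValueError("truncated WPS attribute 0x%04x" % atype)
        attrs[atype] = body[off:off + alen]
        off += alen
    return attrs

def _byte(attrs, atype):
    """First byte of a one-octet attribute, 0 when absent or empty."""
    val = attrs.get(atype, b"")
    return val[0] if val else 0

def wps_status(tagged_params):
    """Walk 802.11 tagged parameters (tag, len, value) and report the AP's WPS posture."""
    off = 0
    while off + 2 <= len(tagged_params):
        tag, ln = tagged_params[off], tagged_params[off + 1]
        body = tagged_params[off + 2:off + 2 + ln]
        off += 2 + ln
        if tag == 0xDD and body.startswith(WPS_OUI_TYPE):
            attrs = parse_wps_attrs(body[4:])
            return {
                "wps_advertised": True,
                "configured": _byte(attrs, ATTR_WPS_STATE) == 2,
                "ap_setup_locked": _byte(attrs, ATTR_AP_SETUP_LOCKED) == 1,
                "selected_registrar": _byte(attrs, ATTR_SELECTED_REGISTRAR) == 1,
            }
    return {"wps_advertised": False}   # no WPS IE at all: WPS really is off

# Constructed sample frames: SSID "Home" plus (in the first) a WPS IE that says
# version 1.0, state configured, AP Setup Locked = false.
BEACON_WITH_WPS = bytes.fromhex(
    "0004" "486f6d65" "dd13" "0050f204" "104a000110" "1044000102" "1057000100")
BEACON_NO_WPS = bytes.fromhex("0004" "486f6d65" "0104" "82848b96")  # SSID + rates only
```

Capture a few beacons from your own AP after flipping the switch; if `wps_advertised` is still true, the UI setting did nothing.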