* WPA2 hasn't been 'cracked'
* Without 'passwording', all your traffic is unencrypted and can be trivially sniffed
* Spoofing one of your whitelisted MAC addresses in order to use your network is easy
First: thanks to ALL of you who answered. This was very informative. If I understand correctly:
1) I would define something as "not cracked" if it is as strong as its password--in other words, there's no way to circumvent it that isn't a general vulnerability (peek through my window, get a keylogger on my machine, etc.) I assume you're telling me that this is the case with WPA2.
2) It sounds as though you are saying that something like WPA2 doesn't just authenticate a login but remains in use as an encryption key for subsequent wireless data interchange between client and base station. If I'm understanding correctly, that's a powerful point.
3) I knew that MAC addresses could be spoofed, but I was thinking they wouldn't know WHICH MAC address to pretend to have. Of course, if I'd been a little smarter, I would have noticed that my own linux process was using the MAC address a client claimed to have to throw out unrecognized machines (before I had MAC address filtering as a built-in router feature). If they were sending their MAC address to me, then my own client machine would be sending its MAC address in clear text to them, telling them which MAC address to pretend to have. Duh.
Well, I feel a little dumber and a little smarter. Time to go change my network. Thanks again.
* WPA2 hasn't been 'cracked' * Without 'passwording', all your traffic is unencrypted and can be trivially sniffed * Spoofing one of your whitelisted MAC addresses in order to use your network is easy