[kismac] Re: WPA-TKIP, Kismac, and my network
- From: "Brian" <whj6z7602@xxxxxxxxxxxxxx>
- To: kismac@xxxxxxxxxxxxx
- Date: Sun, 23 Jan 2005 16:56:57 -0500
On Jan 23, 2005, at 11:01 AM, Brad Knowles brad-at-stop.mail-abuse.org |KisMAC list| wrote:
> At 9:40 PM +0800 2005-01-23, Robin L Darroch wrote:
>> Really? That sounds very interesting indeed! Do you have any references
>> or links about that?
> Oh, see also the article at
> <http://www.nwfusion.com/reviews/2004/1004wirelesswpa.html>.

From that article: "The innate problem is that a passphrase is easy to
guess." Actually, a _poor_ passphrase is easy to guess (dictionary
attacks, precomputed hashes, etc.). A "strong" passphrase (WPA-PSK
allows for up to 63 chars) is not going to be so easy to brute-force.

I still haven't -- yet! <g> -- seen anyone discussing any weaknesses of
WPA besides the offline dictionary attack on the passphrase in PSK
mode. Has anyone yet uncovered any actual crypto flaws that shorten the
attack from just brute-force?

Sure, if you know the passphrase, you can calculate others' PTKs. But
if you know the passphrase and you're already on the network, you have
other attacks at your disposal as well (attack the switch or other
clients with ARP poisoning, etc.). With a single PSK per ESS, you need
to trust the people you give the PSK to.

So far, it looks like if you pick a reasonably strong passphrase, maybe
change it every once in a while, you should be pretty secure unless
you're on the NSA's top-10 list or something. ;-) And still use
SSH/SSL/TLS (and PGP/GnuPG for your email) over that link for truly
sensitive stuff -- after all, once it leaves _your_ network, even an
802.11i RSN isn't going to keep your data safe. But everything I've
read says that the strength of WPA-PSK is dependent on the strength of
the passphrase; it needn't be weak *if* the network administrator knows
what he's doing.

- Brian
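
An added example, not part of the original post: a passphrase audit an administrator could run before deploying a PSK, built on the 802.11i passphrase-to-PMK mapping (PBKDF2-HMAC-SHA1 salted with the SSID). The function names, the 80-bit threshold, the sample wordlist and the guessing rate are assumptions chosen for illustration.

```python
import hashlib
import math
import string

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """IEEE 802.11i passphrase mapping: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 256-bit output. Because the SSID is the salt, a
    precomputed table only applies to networks using that exact SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def keyspace_bits(passphrase: str) -> float:
    """Upper bound on strength: assumes every character was drawn uniformly
    from the character classes present; capped at the 256-bit PMK size."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    pool = sum(len(c) for c in classes if any(ch in c for ch in passphrase))
    if any(ch not in "".join(classes) for ch in passphrase):
        pool += 33  # the other printable ASCII characters, space included
    return min(len(passphrase) * math.log2(pool), 256.0)

def years_to_exhaust(bits: float, guesses_per_sec: float) -> float:
    """Time to try every candidate at an assumed offline guessing rate."""
    return 2.0 ** bits / guesses_per_sec / (365 * 24 * 3600)

def audit(passphrase: str, ssid: str, wordlist: set, min_bits: float = 80.0) -> list:
    """Reasons to reject a candidate PSK passphrase; an empty list means accept."""
    findings = []
    low = passphrase.lower()
    if any(w in low for w in wordlist if len(w) >= 4):  # wordlist is lowercase
        findings.append("contains a dictionary word")
    if ssid and ssid.lower() in low:
        findings.append("contains the SSID")
    if keyspace_bits(passphrase) < min_bits:  # assumed policy threshold
        findings.append("keyspace below %d bits" % min_bits)
    return findings

if __name__ == "__main__":
    WORDS = {"password", "wireless", "kismac"}  # constructed sample wordlist
    RATE = 1e5  # assumed guesses per second, not a measured figure
    for pw in ("password", "Kismac2005", "q7#Lv9!xT2@mZr4&Wc8^"):
        bits = keyspace_bits(pw)
        print(pw, "%.1f bits" % bits, "%.3g years" % years_to_exhaust(bits, RATE),
              audit(pw, "IEEE", WORDS))
```

The keyspace figure is an upper bound for randomly generated strings; a human-chosen phrase that passes the wordlist check can still be far weaker than the number suggests.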