ALERT: WPA can be less secure than WEP


SUMMARY:
WPA-PSK is vulnerable to attack, and can be even worse than WEP!
TO AVOID THE PROBLEM:
USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
BAD: "vintage wine"
GOOD: "floor hiking dirt ocean"
(pick your own words, even longer is better)
BACKGROUND:
Weakness in Passphrase Choice in WPA Interface
By Glenn Fleishman
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp

...
The offline PSK dictionary attack
...
Just about any 8-character string a user may select will be in the
dictionary. As the standard states, passphrases longer than 20 characters
are needed to start deterring attacks. This is considerably longer than
most people will be willing to use.
This offline attack should be easier to execute than the WEP attacks.
...
Using Random values for the PSK
The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
number for human entry; 20 character passphrases are considered too long
for entry. Given the nature of the attack against the 4-Way Handshake, a
PSK with only 128 bits of security is really sufficient, and in fact
against current brute-strength attacks, 96 bits SHOULD be adequate. This is
still larger than a large passphrase ...
...
Summary
...
Pre-Shared Keying is provided in the standard to simplify deployments in
small, low risk, networks. The risk of using PSKs against internal attacks
is almost as bad as WEP. The risk of using passphrase based PSKs against
external attacks is greater than using WEP. Thus the only value PSK has is
if only truly random keys are used, or for deploy testing of basic WPA or
802.11i functions. PSK should ONLY be used if this is fully understood by
the deployers.
See also:
Passphrase Flaw Exposed in WPA Wireless Security

Wi-Fi Protected Access. Security in pre-shared key mode

Cracking Wi-Fi Protected Access (WPA)


WPA Cracker

Reply to
John Navas
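As an added example (not part of the original post or of Moskowitz's paper): a passphrase is turned into the 256-bit PSK by the standard 802.11i PBKDF2 mapping, which depends only on the passphrase and the SSID. A defender can use the same mapping to audit configured keys and to generate the random 64-hex PSK the paper recommends. The function names and the sample network list are assumptions made for illustration.

```python
import hashlib
import re
import secrets

WEAK_MAX_LEN = 20  # the post's advice: use MORE than 20 characters


def derive_psk(passphrase: str, ssid: str) -> str:
    """802.11i passphrase mapping: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 32-byte output. Nothing secret besides the passphrase
    goes in, which is why a guessable passphrase yields a guessable PSK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases are printable ASCII")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return key.hex()


def random_psk_hex() -> str:
    """A 256-bit PSK from the OS CSPRNG, as 64 hexadecimal digits."""
    return secrets.token_hex(32)


def audit_psk_setting(value: str) -> str:
    """Classify a configured WPA-PSK value.
    64 hex digits means it was entered as a raw key; this cannot prove
    the key was generated randomly, only that it is not a passphrase."""
    if re.fullmatch(r"[0-9a-fA-F]{64}", value):
        return "raw-256-bit-key"
    if not 8 <= len(value) <= 63:
        return "invalid"
    if len(value) <= WEAK_MAX_LEN:
        return "weak-passphrase"
    return "long-passphrase"


def audit_networks(networks: dict) -> dict:
    """Map each SSID to the verdict for its configured PSK value."""
    return {ssid: audit_psk_setting(psk) for ssid, psk in networks.items()}


# Constructed sample configuration (SSIDs are hypothetical; the two
# passphrases are the BAD and GOOD examples quoted in the post).
SAMPLE_NETWORKS = {
    "office-guest": "vintage wine",
    "office-main": "floor hiking dirt ocean",
    "lab": random_psk_hex(),
}
```
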
You post this every week. Why not just put the article in the wiki and post that link each week, at least then we'd not all have to continually get our a*ses bored off with YANP. Mark McIntyre
Reply to
Mark McIntyre
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
Nope. Twice a month.
Because my life is more interesting than yours.
Reply to
John Navas
Which is still about six times a year more often than you need to. If it's frequently required info, put it in the FAQ for crying out loud.
Also I've been reading this group for many moons now, and until recently your posts were not wasting bandwidth. Why the sudden sanctimoniousness?
I sincerely doubt that. Anyone anal enough to post the same message over and over probably has very little life to become interesting.
And I notice that rather than answer my question, you choose to post ridicule.
And let's bear in mind you started first with the insults. Mark McIntyre
Reply to
Mark McIntyre
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
The process is automated.
How childish.
Reply to
John Navas
It would appear not, given you have to post this crap so often, you must be bored out of your mind or once would be enough.
fundamentalism, fundamentally wrong.
Reply to
Rico
Childish is spamming the newsgroup with this mess all the time, an adult would be satisfied with once or maybe once in a while a link to the wiki. But childish is what you are currently doing and the fact you have to be told.
fundamentalism, fundamentally wrong.
Reply to
Rico
Since when was that an excuse? You sound like a bank clerk "I'm sorry sir, the computer is never wrong".
Childish is spamming the NG, and insulting those who ask you to stop. Mark McIntyre
Reply to
Mark McIntyre
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
That's not happening.
I disagree.
Reply to
John Navas
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
Not an excuse -- just a correction.
I'm doing neither. And you? ;)
Reply to
John Navas
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
We'll just have to agree to disagree. Get back to us when you've actually made any sort of real contribution to this newsgroup. ;)
Reply to
John Navas
You've posted before you do this with a bot, you do it over and over again as you have said, that pretty effectively defines spamming.
That is because you are the one behaving childishly, if you agreed, you wouldn't need to be told.
fundamentalism, fundamentally wrong.
Reply to
Rico
(I said)
I've no doubt the idiots who post get rich quick schemes also think of their stuff as non-spam. They're wrong too.
Me? I'm killfiling you and any thread you appear in.
One assumes the purpose of your posting was to inform. I'm wondering when you will realise you're having the reverse effect. But hey, you apparently don't care, after an absence of some months you showed up again here in late November and started spamming, having apparently p*ssed off people in other groups such as rec.photos.*, rec.video.*, alt.cellular.* in the meantime, so it seems unlikely you'll see you're not being helpful. Mark McIntyre
Reply to
Mark McIntyre
You might want to consider the same point yourself. Were it not for my responses to your spam and / or rude postings, my score would be quite high. Fortunately you're in my bitbucket from this post on, so I may return to a quiet life. Mark McIntyre
Reply to
Mark McIntyre
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
Knock yourself out.
Reply to
John Navas
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]
For starters see the FAQ, which was written mostly by me. And you?
Reply to
John Navas
Well John, no one has disputed that you have an excessively large ego, the question has been and remains why you spam the very group you wrote a FAQ for. But then, I think your post above explains all.
fundamentalism, fundamentally wrong.
Reply to
Rico
