From: Chrisjoy on 4 Dec 2008 17:26

WLAN.

What encryption protocol (implicitly supported by hardware) offers protection against others knowing the shared key? Does WPA-TKIP? What about WPA2-CCMP?
From: Chrisjoy on 4 Dec 2008 19:09

On Dec 4, 11:46 pm, Mark McIntyre <markmcint...(a)TROUSERSspamcop.net> wrote:
>
> If you mean "protection against people who know your key" then neither
> is remotely useful...

What would be useful?

VLAN?

Any more practical solution?

Why isn't this issue discussed more?

Is WLAN basically meant for lifeless people who don't mind others to look into their "private" stuff?

Is 802.11 still an immature technology?
From: Jeff Liebermann on 4 Dec 2008 23:09

On Thu, 4 Dec 2008 14:26:46 -0800 (PST), Chrisjoy <ultralibertarianer(a)gmail.com> wrote:

>WLAN.
>
>What encryption protocol (implicitly supported by hardware) offers
>protection against others knowing the shared key? Does WPA-TKIP? What
>about WPA2-CCMP?

None of the above. A shared key is ummm.... shared. I can extract the shared key from some computers, or a usable hash value from the Windoze registry.
<http://wirelessdefence.org/Contents/Aircrack-ng_WinWzcook.htm>
Once the shared key is compromised from one computah, the entire network is open to use, attack, or sniffing.

If you want encryption security, you should be looking at WPA-RADIUS or WPA2-RADIUS. These are also sometimes known as WPA-Enterprise. A RADIUS server delivers a unique, one time WPA encryption key to each wireless client that gets used only once. Each client gets a different unique one-time key.

Incidentally, nothing is ever "implicitly" supported in hardware. It's either supported or it's not, which is "explicitly" supported. It's kinda difficult to "imply" something in hardware.

Now, what is it you're trying to accomplish, and what do you have to work with?

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl(a)comix.santa-cruz.ca.us
# http://802.11junk.com jeffl(a)cruzio.com
# http://www.LearnByDestroying.com AE6KS
From: Jeff Liebermann on 4 Dec 2008 23:14

On Thu, 4 Dec 2008 16:09:10 -0800 (PST), Chrisjoy <ultralibertarianer(a)gmail.com> wrote:

>On Dec 4, 11:46 pm, Mark McIntyre <markmcint...(a)TROUSERSspamcop.net>
>wrote:
>>
>> If you mean "protection against people who know your key" then neither
>> is remotely useful...
>
>What would be useful?

WPA-RADIUS

>VLAN?

No. That just isolates broadcast domains by MAC addresses. MAC addresses are trivial to change or spoof, and therefore offer no security. Incidentally, the IP addresses and data are encrypted by WPA and WPA2. However the MAC addresses are easily sniffable, even without the encryption key.

>Any more practical solution?

Yes. Proprietary schemes. Your application is too vague to offer a specific recommendation.

>Why isn't this issue discussed more?

It's been discussed to death. Search Google groups or the web for "wireless security".

>Is WLAN basically meant for
>lifeless people who don't mind others to look into their "private"
>stuff?

Right. Wireless is for those that can't afford overpriced copper wires.

>Is 802.11 still an immature technology?

Nope. The surest sign of success and maturity is pollution. You're doing your part to insure success.

What is it you're trying to accomplish and what do you have to work with?

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl(a)comix.santa-cruz.ca.us
# http://802.11junk.com jeffl(a)cruzio.com
# http://www.LearnByDestroying.com AE6KS
From: Chrisjoy on 5 Dec 2008 11:12

On 5 Dec, 05:09, Jeff Liebermann <je...(a)cruzio.com> wrote:
> On Thu, 4 Dec 2008 14:26:46 -0800 (PST), Chrisjoy
>
> <ultralibertaria...(a)gmail.com> wrote:
> >WLAN.
>
> >What encryption protocol (implicitly supported by hardware) offers
> >protection against others knowing the shared key? Does WPA-TKIP? What
> >about WPA2-CCMP?
>
> None of the above. A shared key is ummm.... shared.

Well, for all I know, the shared key principle with WPA could be only a way to stop intruders from getting into the network while there is another layer that offers protection against others with the same key. I don't know the details. That's why I'm asking. Do you know a good link with good info?

> I can extract
> the shared key from some computers, or a usable hash value from the
> Windoze registry.
> <http://wirelessdefence.org/Contents/Aircrack-ng_WinWzcook.htm>
> Once the shared key is compromised from one computah, the entire
> network is open to use, attack, or sniffing.
>
> If you want encryption security, you should be looking at WPA-RADIUS
> or WPA2-RADIUS. These are also sometimes known as WPA-Enterprise. A
> RADIUS server delivers a unique, one time WPA encryption key to each
> wireless client that gets used only once. Each client gets a
> different unique one-time key.

Does this mean all payload goes through this RADIUS server, or is it only for key distribution and authentication? Will the average portable computer equipped with 802.11b/g also have support for RADIUS? If so, I think this would be the best solution because I don't need clients to install software.

> Incidentally, nothing is ever "implicitly" supported in hardware.
> It's either supported or it's not, which is "explicitly" supported.
> It's kinda difficult to "imply" something in hardware.
>
> Now, what is it you're trying to accomplish, and what do you have to
> work with?

Bring about a network at work where everyone is welcome to connect wirelessly, but protected against sniffing payload.

A Linux solution is welcome because load balancing and bandwidth control is already done on such a box. I don't think I want to use more than $1000, and the cost must be one time only. The solution must be easy to deploy, at least for Windows clients. A tunnel between client and Linux box would be fine. If RADIUS is supported by most portables, I think this is the most realistic way to go. What would I need either way?