[Talk] How secure is wireless, in practical terms?
Larry Kagan
talk@flux.org
Tue, 07 Nov 2006 13:22:52 -0500
--=-rqksJLS28UvGJDaMuFoq
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
On Tue, 2006-11-07 at 13:04 -0500, Danny Rathjens wrote:
> Just to clarify. He did not claim WPA is easy to crack. He said
> it was much more secure than WEP and that *if* someone managed to
> get through the WPA encryption, then figuring out the MAC address
> of machines on the net is easy.
> That is a pretty big if.
Actually, after looking further into it, I take back my statement about
WPA being more secure than WEP. That's a blanket statement. Certain
conditions must be met for it to be true. WPA encryption is not
difficult to get through, again under certain conditions. The following
excerpt should clear this up a bit:
WEP is seriously flawed and almost always crackable. WPA-PSK is
slightly flawed, and can only be cracked if weak passwords (<20
characters according to 802.11i Standard) are used. However,
cracking WEP requires at least an hour of active sniffing in the
best of cases. WPA-PSK only requires a few seconds of sniffing.
This is why I state WPA is easier to crack.
The PSK stands for Pre-shared key and is the WPA mode of most SOHO
(small office, home office) users. There's some surprisingly good
information at wikipedia (http://en.wikipedia.org/wiki/WPA-PSK)
So, the updated answer to you, Adam, is that if you use a password of 20
characters in WPA, you'll be okay! Time to roll up and put the cat 5
away. ;)
Ahh, who knows. I'm learning as I go here.
Larry
--=-rqksJLS28UvGJDaMuFoq
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.10.3">
</HEAD>
<BODY>
On Tue, 2006-11-07 at 13:04 -0500, Danny Rathjens wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">Just to clarify. He did not claim WPA is easy to crack. He said</FONT>
<FONT COLOR="#000000">it was much more secure than WEP and that *if* someone managed to</FONT>
<FONT COLOR="#000000">get through the WPA encryption, then figuring out the MAC address</FONT>
<FONT COLOR="#000000">of machines on the net is easy.</FONT>
<FONT COLOR="#000000">That is a pretty big if.</FONT>
</PRE>
</BLOCKQUOTE>
<BR>
Actually, after looking further into it, I take back my statement about WPA being more secure than WEP. That's a blanket statement. Certain conditions must be met for it to be true. WPA encryption is not difficult to get through, again under certain conditions. The following excerpt should clear this up a bit:<BR>
<BR>
<BLOCKQUOTE>
WEP is seriously flawed and almost always crackable. WPA-PSK is slightly flawed, and can only be cracked if weak passwords (<20 characters according to 802.11i Standard) are used. However, cracking WEP requires at least an hour of active sniffing in the best of cases. WPA-PSK only requires a few seconds of sniffing. This is why I state WPA is easier to crack.<BR>
<BR>
</BLOCKQUOTE>
<BR>
The PSK stands for Pre-shared key and is the WPA mode of most SOHO (small office, home office) users. There's some surprisingly good information at wikipedia (<A HREF="http://en.wikipedia.org/wiki/WPA-PSK)">http://en.wikipedia.org/wiki/WPA-PSK)</A><BR>
<BR>
So, the updated answer to you, Adam, is that if you use a password of 20 characters in WPA, you'll be okay! Time to roll up and put the cat 5 away. ;)<BR>
<BR>
Ahh, who knows. I'm learning as I go here. <BR>
<BR>
Larry
</BODY>
</HTML>
--=-rqksJLS28UvGJDaMuFoq--