[Sussex] Holbrook - Moot: Wired Networking

Steve Dobson steve at dobson.org
Mon Oct 22 14:28:13 UTC 2007


Jon

On Mon, 2007-10-22 at 15:01 +0100, Jon Fautley wrote:
> On Mon, 22 Oct 2007 14:49:36 +0100
> Matt Brown <matt at mbrown.co.uk> wrote:
> > Have you managed to break WPA/WPA2 Jon ?
> 
> Nope. It looks a lot more complex. Breaking WPA-PSK appears to be
> possible, but basically requires a brute force/dictionary attack
> against weak packets. There doesn't (yet) seem to be a 'systematic'
> attack that can reveal the encryption key. WPA Enterprise (that uses
> RADIUS) seems to be pretty immune from what I can see. Besides, even if
> a user account is compromised, it's simple to change the password.

From what I've read WPA was properly designed by people who knew about
security.  If you set it up correctly then you should be safe.

For home use a Pre-Shared Key (PSK) is good enough if it is generated
right.  Don't just pick some short phrase.  Get a truly random 64
character string.  Yeah, this is not easy to type but who needs to type
it.  You can always sneaker net it over on a USB key drive to any
machine that wants to be on your network.  If you use a strong secret
then the brute force attack is either going to have to be incredibly
lucky or run for longer than the age of the universe.

WPA Enterprise should be used in an office environment.  It's harder to
set up as you have to configure a RADIUS server, but the advantages is
that every connection generates a new key/pair.  With PSK everyone knows
the same secret and therefore can snoop all the WiFi traffic.  But with
WPA-E that is not possible so if you do sack someone (or they leave) you
don't have to change the secret for everyone else to keep your network
secure, you just revoke their setup on the RADIUS server.

Steve
-- 
Steve Dobson

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.lug.org.uk/pipermail/sussex/attachments/20071022/71673b1e/attachment.pgp 


More information about the Sussex mailing list