

devolic

join:2001-11-22
Southfield, MI
WPA

I can use TKIP or AES which one is more secure?
--
Have a good 1,
Doug


Curious in Tulsa

@sbcglobal.net
TKIP is secure, but AES gives you an even greater margin of safety.


SoonerAl
Old Enough To Know Better
Premium,MVM
join:2002-07-23
Norman, OK

reply to devolic
Also make sure you use a long encryption key. Personally I use WPA-PSK (AES) with a 63-character random ASCII key. Here are two on-line key generators...

»www.kurtm.net/wpa-pskgen/
»https://www.grc.com/passwords.htm
--
"When all else fails, read the instructions..."
MS-MVP Windows – Desktop User Experience

docrice

join:2008-03-31
Fremont, CA

reply to devolic
If you have any hardware (access point or interfaces) that's more than a few years old, make sure that they all support AES / CCMP or are upgradeable to support it via firmware update.

At this point, they're both reliant on the same brute-force tactics to directly crack (from an attacker's point-of-view).


Lasko

@qwest.net

reply to SoonerAl
quote:
Also make sure you use a long encryption key.
Exactly. Both TKIP and AES are secure. The only attack against WPA is to guess or brute force the key you configure on the AP and the clients. Note that this key is not used to encrypt/decrypt the wireless traffic. It is used to establish communications between the AP and the wireless client so that the actual encryption keys may be negotiated. This negotiation occurs during the first 4 (or so) packets exchanged between the AP and client. So these initial packets are the ones you are protecting with the key you specify.

docrice

join:2008-03-31
Fremont, CA

I'd like to clarify this a bit since people tend to be vague on this particular area. The WPA passphrase is used in conjunction with the SSID value and the SSID length, the hash of which results in the Pairwise Master Key (PMK). This is the first-stage secret that the station and AP share. The secret element, of course, is the passphrase because everything else is out in the open.

With both the station and AP having calculated the same PMK, the next step is to perform a 4-way handshake which involves each side sending a dynamically-generated nonce value. Each side uses these values, along with the hardware addresses of both nodes, to calculate the Pairwise Transient Key (PTK). The PTK is composed of multiple sub-keys such as the EAPOL Key Encryption Key (KEK), EAPOL Key Confirmation Key (KCK), as well as the Temporal Key (TK).

It's the stuff that makes up the PTK which does the actual encryption, namely the Temporal Key for unicast packets. The 4-way handshake is exposed in clear text. If you capture the WPA session setup traffic during 802.11 and WPA negotiation, you can see these nonce values being passed along with the GTK and any ACKs.

Attackers need to figure out two things to crack WPA traffic: the PMK value and the session-specific 4-way handshake nonce values. Therefore, protecting the PMK in a pre-shared key environment by selecting a strong passphrase is crucial because everything else can be seen via monitor mode on an 802.11-capable network interface.
Saturday, 11-Oct 01:05:13 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 9 years online! © 1999-2008 dslreports.com.