  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
reply to devolic, Re: WPA
Also make sure you use a long encryption key. Personally I use WPA-PSK (AES) with a 63-character random ASCII key. Here are two on-line key generators...
» www.kurtm.net/wpa-pskgen/
» https://www.grc.com/passwords.htm
-- "When all else fails, read the instructions..." MS-MVP Windows Desktop User Experience
  Lasko
@qwest.net
quote: Also make sure you use a long encryption key.
Exactly. Both TKIP and AES are secure. The only attack against WPA is to guess or brute force the key you configure on the AP and the clients. Note that this key is not used to encrypt/decrypt the wireless traffic. It is used to establish communications between the AP and the wireless client so that the actual encryption keys may be negotiated. This negotiation occurs during the first 4 (or so) packets exchanged between the AP and client. So these initial packets are the ones you are protecting with the key you specify.
 docrice
join:2008-03-31 Fremont, CA
I'd like to clarify this a bit since people tend to be vague on this particular area. The WPA passphrase is used in conjunction with the SSID value and the SSID length, the hash of which results in the Pairwise Master Key (PMK). This is the first-stage secret that the station and AP share. The secret element, of course, is the passphrase because everything else is out in the open.
With both the station and AP having calculated the same PMK, the next step is to perform a 4-way handshake which involves each side sending a dynamically-generated nonce value. Each side uses these values, along with the hardware addresses of both nodes, to calculate the Pairwise Transient Key (PTK). The PTK is composed of multiple sub-keys such as the EAPOL Key Encryption Key (KEK), EAPOL Key Confirmation Key (KCK), as well as the Temporal Key (TK).
It's the stuff that makes up the PTK which does the actual encryption, namely the Temporal Key for unicast packets. The 4-way handshake is exposed in clear text. If you capture the WPA session setup traffic during 802.11 and WPA negotiation, you can see these nonce values being passed along with the GTK and any ACKs.
Attackers need to figure out two things to crack WPA traffic: the PMK value and the session-specific 4-way handshake nonce values. Therefore, protecting the PMK in a pre-shared key environment by selecting a strong passphrase is crucial because everything else can be seen via monitor mode on an 802.11-capable network interface.
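The key hierarchy docrice describes, as an added example (not code from this thread): the PMK is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt (the SSID length is just the salt length), and the PTK is the 802.11i PRF over the PMK plus the two MAC addresses and two nonces that appear in the clear during the 4-way handshake, split into KCK, KEK and TK. The MAC addresses and nonces in `sample_session` are constructed values; the PMK test vector ("password"/"IEEE") is the one published in the 802.11i standard.

```python
import hashlib
import hmac


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits).

    Only the passphrase is secret: the SSID is broadcast, and the 4096
    iterations are the whole per-guess cost an attacker pays offline.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, out_len: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    for i in range((out_len + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:out_len]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> dict:
    """PTK for CCMP/AES (384 bits), split into KCK || KEK || TK, 16 bytes each.

    Inputs are min/max-ordered so AP and station compute the same key
    regardless of which MAC or nonce belongs to which side.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def sample_session(passphrase: str, ssid: str, snonce_byte: int = 0x11) -> dict:
    """Run the derivation for one constructed session (fake MACs and nonces)."""
    aa = bytes.fromhex("02000000000a")          # constructed AP address
    spa = bytes.fromhex("02000000000b")         # constructed station address
    anonce = bytes([0xAA]) * 32                 # constructed, would be seen on air
    snonce = bytes([snonce_byte]) * 32          # constructed, would be seen on air
    pmk = derive_pmk(passphrase, ssid)
    keys = derive_ptk(pmk, aa, spa, anonce, snonce)
    # The same inputs in the other order must give the same PTK.
    assert derive_ptk(pmk, spa, aa, snonce, anonce) == keys
    return {"pmk": pmk, **keys}


if __name__ == "__main__":
    for name, value in sample_session("password", "IEEE").items():
        print(f"{name}: {value.hex()}")
```

Everything fed into `derive_ptk` except the PMK is visible to a monitor-mode capture, which is why the passphrase that feeds `derive_pmk` is the only thing standing between a captured handshake and the Temporal Key.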