Re: [fw-wiz] WPA Pre-Shared Key TKIP vs AES

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 12/15/04

Next message: Marcus J. Ranum: "Re: [fw-wiz] Re: How to Save The World (was: Antivirus vendor conspiracy theories)"

Previous message: ucxfoe: "[fw-wiz] Re: How to Save The World (was: Antivirus vendor conspiracy theories)"
In reply to: Frederick M Avolio: "Re: [fw-wiz] WPA Pre-Shared Key TKIP vs AES"
Next in thread: Paul D. Robertson: "Re: [fw-wiz] WPA Pre-Shared Key TKIP vs AES"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Frederick M Avolio <fred@avolio.com>
Date: Wed, 15 Dec 2004 14:13:47 -0500 (EST)

On Wed, 15 Dec 2004, Frederick M Avolio wrote:

> I suspect this is somewhat off topic, but the moderator let it through, so..

The moderator did, because it's (a) perimeter security of a sort, (b)
security-related [and therefore still in charter] and (c) more interesting
than another round of MS bashing [fun as that can be.][0]

> using WEP (but WEP is better than nothing).

At this stage, is it really better than nothing? At least with nothing,
you know you're running wide open. With WEP, you assume some
protection and now with differential attacks, we're at ~200k packets with
unique IVs for a definite break, or 2.5x that if they're using long keys.

After a close look at the FBI/CSI crime survey, I'm shying away from
"better than nothing" statements for a while...

Morrow's link was enough to end the thread, unless someone has something
really useful to add[1].

I'll put in the obligatory tools for testing link:

http://www.securityfocus.com/infocus/1814

I think I'm at the point where it's worth recommending an upgrade to WPA
to cover the bases here, and replace anything that doesn't do WPA to do
it.

Paul
[0] I'm always open to feedback, and will happily explain my rationale
where one exists.
[1] Like how long on average it takes to collect enough traffic to gain a
key.
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Marcus J. Ranum: "Re: [fw-wiz] Re: How to Save The World (was: Antivirus vendor conspiracy theories)"

Previous message: ucxfoe: "[fw-wiz] Re: How to Save The World (was: Antivirus vendor conspiracy theories)"
In reply to: Frederick M Avolio: "Re: [fw-wiz] WPA Pre-Shared Key TKIP vs AES"
Next in thread: Paul D. Robertson: "Re: [fw-wiz] WPA Pre-Shared Key TKIP vs AES"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]