Re: 802.11i

From: Tomas Wolf (tomas_at_skip.cz)
Date: 09/26/03

    Date: Fri, 26 Sep 2003 01:31:22 -0600
    To: "'security-basics@securityfocus.com'" <security-basics@securityfocus.com>
    
    

    Hello,

      Firstly, WPA & TKIP are "connected" -- WPA stands for "Wi-Fi Protected
    Access" and it is a security "system" for wireless networks that employs
    several protocols to ensure the security of wireless data communication,
    while TKIP ("Temporal Key Integrity Protocol") is the actual protocol under
    WPA v1 (thus forward compatible with WPA v2, i.e. 802.11i). TKIP makes it
    safer to communicate using the RC4 (Ron's Code 4) stream cipher, together
    with a longer IV (48 bits now). A 48-bit IV (plus a 104-bit base key)
    gives us 2 to the 152nd power combinations of the key (which is a huge
    number :-). There are also other controllers to guard the integrity of the
    traffic, network access, and key management (TKIP is part of key
    management). But that is WPA v1, which is done as an enhancement
    to standing, supported hardware... It is done by firmware update, but
    the firmware should (must) be supplied by the vendor (of course).

      802.11i employs WPA v2 as its security system. This version of WPA has
    some more enhancements in store. The most significant one is probably
    the cipher used. It will be the AES block cipher; this change requires
    a hardware change due to the higher complexity of the cipher --> consequence:
    no firmware updates to standing hardware. But as stated, WPA v2 should
    be backward compatible with WPA.

      For more information I would suggest buying the specification on the
    Wi-Fi Alliance home page: http://www.wi-fi.org/ . It costs only $25 and
    the page is a nice resource for future studies.

    I hope this answers your question.
    Good luck -- Tomas

    Carter, Brent wrote:

    > question about 802.11i: Is it inherently WPA or TKIP?
    >
    > Brent Carter
    > IT Specialist
    > DISA/API41
    > Net-OPS Assurance Division
    > 703-882-1548
    >
    >
