Re: What's the real scoop on wireless security?

From: Patrick J. LoPresti [MVP] (patl_at_users.sourceforge.net)
Date: 04/18/04


Date: 18 Apr 2004 12:10:48 -0400


"Robert Moir" <bofh@mvps.org> writes:

> The vulnerability with or without WEP is extreme, "secure wireless
> communication" is a sick joke unless you are prepared to spend a lot
> of time updating all your wireless equipment to support WPA and get
> that working and even then, I hear that the vendors are working on a
> new version of this secure standard, which makes me wonder if they
> know something bad about it that they haven't told the rest of us
> yet.

You are correct about WEP, but your concerns about WPA are nonsense.

WPA is *extremely* secure assuming you choose a strong passphrase
(duh) and assuming the encryption itself remains unbroken. The WPA
standard requires that devices support TKIP (based on RC4), and it
permits but does not require them to support AES.

WPA2 is due later this year, but all it will do is make AES mandatory
for compliant devices. Since most WPA devices already offer AES
(e.g., see <http://support.microsoft.com/?id=815485> or
<http://www.linksys.com/download/vertxt/wrt54g_ver.txt> or your own
wireless product's documentation), WPA2 will not provide any
additional security for such devices.

Even TKIP (RC4) has not been broken yet, although there are signs it
could happen in the next few years. AES is unlikely to be broken for
at least a few decades (except possibly by NSA). If either is broken
publicly, I guarantee you will hear about it, especially since RC4 is
commonly used for SSL connections.

In summary, if you:

    1) use WPA (preferably with AES); and

    2) choose a long passphrase with lots of random characters

...then your wireless communications will be completely secure against
any attacker short of a major world government.

 - Pat
   MVP, Windows Server - Setup/Deployment
   http://unattended.sourceforge.net/


