How secure is EAPOL registery key?
From: Tim Guy (tim_at_hurtwood.demonREMOVE.SPAM.co.uk)
Date: 10/23/03
- Next message: S. Pidgorny
: "Re: IPsec/L2TP and AES" - Previous message: glamgram: "system freezes . . ."
- Next in thread: S. Pidgorny
: "Re: How secure is EAPOL registery key?" - Reply: S. Pidgorny
: "Re: How secure is EAPOL registery key?" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 23 Oct 2003 08:48:55 +0100
I'm looking at implementing wireless 802.1x into a site where the laptops do
not belong to the infrastructure supplier.
I was going to use PEAP with a domain user and password created for the
computer not for the user.
The infrastructure IT dept will put the username, password and root CA into
the laptop for the laptop owner and then the user continues to use the
laptop with the local account.
The problem is how secure is the EAPOL reg key where the PEAP username and
password is kept. If I look with regedit it seams to be encrypted but I'm
not sure if it could be brute forced or not.
If it could I would consider using certificates but I can also see that with
an open laptop these certificates could be exported and import into another
laptop thus making that pretty pointless too.
Any thoughts?
Tim
- Next message: S. Pidgorny
: "Re: IPsec/L2TP and AES" - Previous message: glamgram: "system freezes . . ."
- Next in thread: S. Pidgorny
: "Re: How secure is EAPOL registery key?" - Reply: S. Pidgorny
: "Re: How secure is EAPOL registery key?" - Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
