Re: WPA safety and/versus WPA2 - just thinking...
From: Michael Schmidt (NOSPAM_schmidt_at_nue.et-inf.uni-siegen.de)
Date: 06/29/05
- Next message: Risto Lankinen: "Special factorization method sought"
- Previous message: Dave Turner: "Re: own cypher-algorithm - TaShiKai"
- In reply to: Markus Jansson: "WPA safety and/versus WPA2 - just thinking..."
- Next in thread: Michael Schmidt: "Re: WPA safety and/versus WPA2 - just thinking..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 29 Jun 2005 11:56:10 +0200
Markus Jansson schrieb:
> Short summary
> http://www.ezlan.net/wpa_wep.html
> http://www.draytek.co.uk/support/wlan_wepwpa.html
>
>
>
> And the questions/comments of mine:
>
> 1) WPA only has 64bit auth key size, so its not safe against brute
> force...why not 128bit?
What do you mean by authentication key size? WPA has two modes of peer
entity authentication: with Pre-Shared Keys (PSK) and integration with
802.1X authentication schemes. PSK may have up to 256 bit key (i.e.
password) size. 802.1X is too complex to explain here, but has several
modes of authentication with strong, asymmetric cryptography (e.g. with
TLS).
> 2) WPA only has 64bit encryption key size, so its not safe against brute
> force...why not 128bit?
WPA uses RC4 with a 128 bit key.
> 3) In WPA, Michael is not well-researched and analysed algorithm, and
> there propably are yet-unknown-but-soon-to-be-discovered-vulnerabilities
> in it...why not use SHA-2 etc?
WPA is suppused to be backwards-compatible to (most of) the existing WEP
HW. This HW does not support SHA (too heavy-weight).
> 4) In WPA, IV is only 48, so its not safe against brute forcing
> etc...why not use 128bit?
Relevant from a cryptographic point of view is not the WPA (or WEP) IV,
but the effective (per packet) key that goes into RC4. In WEP, the
effective key consists of a 40 (or 104) bit constant WEP key and a 24
bit IV. So the variable part has only 24 bit, which is too small. In
WPA, however, a fully dynamic (i.e. changes for every packet) 124 bit
effective key is generated, one component of which is the 48 bit IV. It
is mangled into the effective key over two mixing stages.
It simply doesn't make sense to compare these values between WEP and WPA.
> 5) Why isnt the key schedule set up to change keys even faster?
Re-keying is expensive in terms of time.
> 6) WPA2 is not that clever either. Encryption key size and
> authentication key size might be better at 256bits, and IV ofcourse
> 128bits. CCM seems ok for the time being however.
> ) Why didnt they pick "better ones" to the WPA/WPA2? Yes, I know,
> compatibility issues, power issue, computing power issue, support issue,
> blahblahblah. Yeah. Why not choose just some lame XOR encryption while
> you are at it then?
You just gave the answer yourself. WPA2 has been designed by leading
cryptographers (in contrast to WEP). Its cryptographic parameters are
state-of-the-art, and no serious weaknesses are known. You comparison
between WPA2 and XOR simply sucks.
Better get yourself reasonable sources about WPA/WPA2 (e.g. in the
English Wikipedia) and dump your apparently incompetent sources before
you raise such superficial and wrong blaims.
Michael
-- Michael Schmidt University of Siegen, Germany http: www.dcs.uni-siegen.de e-mail: schmidt _at_ nue.et-inf.uni-siegen.de
- Next message: Risto Lankinen: "Special factorization method sought"
- Previous message: Dave Turner: "Re: own cypher-algorithm - TaShiKai"
- In reply to: Markus Jansson: "WPA safety and/versus WPA2 - just thinking..."
- Next in thread: Michael Schmidt: "Re: WPA safety and/versus WPA2 - just thinking..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
