WPA is an industry specification the Wi-Fi Alliance pushed into adoption. This cooperative of wireless manufacturers - worried that WEP would stall sales - took an early draft of the IEEE 802.11i wireless security standard, pulled out some harder-to-implement pieces, such as AES encryption, and created WPA. Vendors shipped certified WPA products just five months after announcing the specification.
WPA enhances security in several ways. The most obvious is in the encryption protocol. WPA uses TKIP to improve the key usage in wireless encryption. Although TKIP uses the same base encryption algorithm - RC4 - as WEP, the way it selects and changes keys resolves many of the issues surrounding WEP. WPA also improves the integrity aspects of 802.11 by making it virtually impossible to inject messages into a wireless conversation or to modify a message on the fly.
The primary improvement in WPA is the per-session encryption key. Every time a station associates, a new encryption key is generated based on some per-session random numbers and the media access control (MAC) addresses of the station and the access point. WPA sounds like a major improvement, and it is - if it's used correctly.
Unfortunately, the easiest way to use WPA actually makes it easier to crack than WEP. When 802.1X authentication is not used in WPA, a simpler system called Pre-Shared Key (PSK) is. PSK offers a long-lived password that everyone who wants to connect to the WLAN has to know. All the wireless devices we tested, with the exception of the Linksys adapter card, support WPA-PSK (see graphic, below).
With WPA-PSK, if you don't make your password long, you're susceptible to an offline dictionary attack: an attacker grabs a few packets at the time a legitimate station joins the wireless network and can then use those packets to recover the PSK. The attacker can get what he needs to guess the PSK and get out without anyone noticing, because he doesn't have to be near the WLAN for more than a few seconds and the LAN doesn't have to be very busy.
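The key hierarchy described above, as an added Python example that is not part of the original article: it derives the long-lived PSK from a passphrase and SSID, then the per-session key from that PSK plus the two MAC addresses and two random nonces, following the WPA-PSK derivation in IEEE 802.11i. The function names, MAC addresses and passphrase/SSID values are constructed for illustration.

```python
import hashlib
import hmac
import os


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Long-lived 256-bit master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: concatenated HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """Per-session 512-bit key (TKIP) from the PMK, both MACs and both nonces."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 64)


def two_sessions(passphrase: str, ssid: str):
    """Associate twice with the same passphrase; return (pmk, ptk1, ptk2)."""
    pmk = derive_pmk(passphrase, ssid)
    ap = bytes.fromhex("020000000001")   # constructed, locally administered MACs
    sta = bytes.fromhex("020000000002")
    ptk1 = derive_ptk(pmk, ap, sta, os.urandom(32), os.urandom(32))
    ptk2 = derive_ptk(pmk, ap, sta, os.urandom(32), os.urandom(32))
    return pmk, ptk1, ptk2


if __name__ == "__main__":
    pmk, ptk1, ptk2 = two_sessions("password", "IEEE")  # constructed sample values
    print("PMK (same every session):", pmk.hex())
    print("PTK session 1:", ptk1.hex()[:32], "...")
    print("PTK session 2:", ptk2.hex()[:32], "...")
    # The SSID, MACs and nonces all travel unencrypted, so the passphrase is the
    # only secret input to this chain; its length sets the cost of guessing it.
```

The session keys differ on every association, but the master key behind them never changes until the passphrase does, which is why the passphrase length carries the whole security of a PSK network.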
