Pascal Steichen wrote:
To this WEP vs WPA thing I just want to add that those two mechanisms are
complementary !
- WEP is for cyphering the communication
- WPA is for authentication
So if you really want to be "as safe as possible" you should use both !
By the way, I shall also add that WPA needs an auth server at the backend to
provide the authentication, most used are RADIUS !
For home use I think WPA is a bit overkill (at the moment) cause of managing
overhead, so for home users I suggest working with WEP and MAC filtering,
this will provide a near cable security ;)
my 5 cents ...
ciao,
pst

WPA is the replacement of WEP, that is NO SECURITY. Several articles
have been published from 2000 on how to crack WEP, and at least two
implementations of those exploits are freely available as free software
on the web. More than that, the design is so broken that when they
extended the key length from 64 to 128 bits, the effect on the exploit
was to double the average duration of the cracking process.
The IT manager of Astra came last year to Bureautech with his
Linux-running laptop. From the entrance to Plan-Net booth, he already
cracked the Luxexpo (FIL at the time) wireless network.
Use of a radius server is indeed advised if you want the full feature of
WPA. However, I read an article recently that showed that the use of a
simple shared secret was dangerous if the key was weak (a password or a
passphrase). It recommended a random-generated long key. For sure, this
is uneasy to use, but reversely, you can consider that using WPA with
long, random generated key might be safe... until it is cracked again.
On corporate building outside walls in big cities, such as London, you
have chalk writings made by teenagers that give the technical details
about the wireless network, so that they can freely browse the web from
the street using the (secured, private, inside, ...) company LAN and
Internet access...
WEP is NO SECURITY at all, for years now, and that is the very reason why
the WiFi vendors built this WiFi consortium and developed a new
standard: WPA.
Now, what is WPA (the true one, also called WPA2) worth ? No idea. Let's
see what will happen...
If I would really NEED this even at home, I would try to add a VPN
between the two sides of the WiFi link.
Just my Eurocent.
(by the way, the plural for cent is cent, as the plural for Euro is
Euro, following international treaty of 1997 and ECB rules.)
--
Brent Frère
Private e-mail: Brent(a)BFrere.net
Postal address: 5, rue de Mamer
L-8280 Kehlen
Grand-Duchy of Luxembourg
European Union
Mobile: +352-021/29.05.98
Fax: +352-26.30.05.96
Home: +352-307.341
URL: http://BFrere.net
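
Added example, not part of either message above: the reply mentions advice to use a long, randomly generated key when WPA runs with a shared secret instead of a RADIUS server. The sketch below generates such a key and shows the standard WPA-PSK derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output); the function names are hypothetical and chosen for this illustration.

```python
import hashlib
import math
import secrets
import string

# A WPA passphrase is 8 to 63 printable ASCII characters; this alphabet
# (letters, digits, punctuation, no space) has 94 symbols.
PASSPHRASE_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def random_passphrase(length=63):
    """Return a passphrase whose characters are drawn uniformly from the CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(PASSPHRASE_ALPHABET) for _ in range(length))


def random_hex_psk():
    """Return a 256-bit key as 64 hex digits, for devices that accept a raw PSK."""
    return secrets.token_hex(32)


def derive_psk(passphrase, ssid):
    """Derive the 256-bit pre-shared key the access point and clients actually use."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def random_entropy_bits(length, alphabet_size=len(PASSPHRASE_ALPHABET)):
    """Entropy of a uniformly random passphrase, capped by the 256-bit key size.

    Only valid for machine-generated passphrases; a human-chosen word or
    phrase of the same length carries far less entropy.
    """
    return min(length * math.log2(alphabet_size), 256.0)


if __name__ == "__main__":
    ssid = "example-ssid"  # constructed sample value
    passphrase = random_passphrase()
    print("passphrase:", passphrase)
    print("entropy   : %.0f bits" % random_entropy_bits(len(passphrase)))
    print("derived   :", derive_psk(passphrase, ssid).hex())
    print("raw PSK   :", random_hex_psk())
```

Because the SSID is the only salt, the same passphrase on two networks with the same name yields the same key, which is one more reason to generate the secret randomly rather than pick a memorable one.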