AirPort 3.3 Extends WPA Security

tackaberry writes "Apple has released an update for AirPort. Version 3.3 (AEBS firmware version 5.3) includes support for Wi-Fi Protected Access (WPA) specification for non-Extreme AirPort cards (WPA was added for Extreme cards last fall in version 3.2), an alternative to the oft-maligned Wired Equivalent Privacy (WEP). Those who wish to use WPA will have to have Mac OS X Panther 10.3."

Kernel Panic!

[NetJunkie]

I put this on my 15" PB last night and got my first kernel panic. :)

The WPA is very easy to use. I've been running it for a couple of weeks now using the Apple base. Windows XP and OSX clients aer working happily.

What's wrong with WEP?

[Van+Halen]

I'm curious, and I figure somebody here probably knows a good deal about this. The Wi-Fi Protected Access Q&A (pdf) says:

Many cryptographers are confident that Wi-Fi Protected Access addresses all the known attacks on WEP. It also adds strong user authentication, which as absent in WEP.

Ok, user authentication is good, but what are the "known attacks on WEP"? I'm using a Linksys access point which obviously can't be upgraded to WPA with this update, so should I be concerned that my 128-bit WEP key isn't good enough?

Big Deal

MacRumors.com says:

Airport Extreme "II" will be coming soon, with support for 802.11b, 802.11g and the newly developped 802.11m which can span an entire city block with speeds of up to 108MBPS. According to VERY reliable sources we should see this product in the next six months.

AC

Still left out in the cold for Cisco

[metric152]

It's nice that apple is updating their WPA security for the airport, but it's still hard to get on Cisco secure access points. The place i work at has a Cisco Aironet 1100 and they have it set up to use WPA. I've tried many times to figure out how to get on it but I haven't found anything that works. The system admin couldn't help me either. I wish apple would step up and support enterprise level wireless hardware.

WPA and WEP on same network?

Is it possible to have both WPA and WEP on the same wirless network? I have a windows 2000 machine which doesn't support WPA, so I'd like to use WEP for it while still using WPA for my Mac. My SMC base station allows to setup the network like this, but my Mac just quits working ("Error connecting to Network" alert).

WPA goodness

[nsayer]

I'm quite happy with WPA-PSK (with the caveat that you need to pick a very strong passphrase to avoid offline dictionary attacks). My wife has an iBook G4 and I have a TiBook with a Linksys WPC54G in it and they all talk to a Linksys WAP54G. It was all miraculously easy.

Then I had to get a couple of Windows laptops to work. That was misery!

First, you must be running XP. I guess that's fair, since Apple says you must be running Panther.

Next, you have to have a wireless card that has drivers updated with WPA support. Irritatingly enough, a WPC54G with the latest drivers will work, but a WPC55G (A+G card) won't because the drivers aren't updated. Grr!

I did finally get it to go, but it was a whole lot easier on the Mac.

I also wanted to set up WPA "Enterprise" with an eye towards deploying that at the office. I still haven't figured out how to get that to work, unfortunately. But the PSK variety was surprisingly easy.

Re:The security of any protocol

[nsayer]

I'm not sure I agree. If the only attack available is an online dictionary attack, then the bar is significantly lowered if the service does the right things. It can rate limit to raise the cost, it can lock an account after small-n bad passwords are given, it can raise an alarm that can identify (at least to some extent) the intruder... All of these mitigations are useless if an offline attack is possible.