Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stronger Encryption for Wi-Fi

Posted by michael on from the huff-and-puff-and-blow-the-house-down dept.

sp00 writes "The first products certified to support Wi-Fi Protected Access 2, the latest wireless security technology, were announced by the Wi-Fi Alliance on Wednesday. The Wi-Fi Alliance says WPA2 is a big improvement on earlier wireless security standards, such as Wired Equivalent Privacy (WEP), which hackers have found easy to circumvent. It includes Advanced Encryption Standard, which supports 128-bit, 192-bit and 256-bit keys."

6 of 175 comments (clear)

  1. WPA2? by Trygve · · Score: 3, Informative

    Correct me if I'm wrong, but isn't WPA2 just the WiFi Alliance being stuborn about what to call 802.11i? I mean, WPA was just supposed to be 802.11i minus everything that required hardware upgrades. WPA2 is just 802.11i, only not a real standard, ooh boy!

    1. Re:WPA2? by lizrd · · Score: 5, Informative
      Not exactly. Wi-Fi/WPA/WPA-2 are all industry standards based on the various 802.11? IEEE standards. The difference is that WECA (Wireless Ethernet Compatability Alliance) actually does testing rather than just publishing standards like IEEE does. In order to get the fancy sticker on the package you need to pay a couple of grand and get your product tested to the standards. The benefit of certification is that you have some idea that the product was actaully implemented to the standard correctly.

      That said, WPA-2 provides basically zero benefit over WPA. WPA relies on the same RC-4 algorithm as WEP, but has a few patches put in place to resolve the problems it had. The most important one is using a new key for each frame. Given a choice between an algorithm that can be broken given 11MB of data and one that has no known attacks, do you think that it matters which you use to encrypt 1500 bytes? Not really.

      The good news about WPA-2/802.11i (same thing, just certified and a less scary name for the PHBs) is that it breaks hardware compatibility, and that means there's a chance that things have been done right this time.

      --
      I don't want free as in beer. I just want free beer.
  2. Re:Question by ericpi · · Score: 3, Informative

    I believe MAC filters are inherently less secure than encryption: The MAC addresses, I believe, are sent in the clear (i.e., not encrypted), so all someone has to do is listen to which devices are already operating on the network, then spoof their MAC to match.

  3. "Easy to circumvent"? by Anonymous Coward · · Score: 5, Informative
    All of the known WEP attacks are based on receiving weak IV frames (usually after sifting through gigabytes of data). Modern WiFi chipsets (i.e., those made within the last 2 years or so) do not send weak IV frames all that often, if at all.

    It is not as easy as everyone says. Try it with some brand-new, high quality equipment and you may be surprised at the result.

  4. Re:Question by ericpi · · Score: 4, Informative

    At first, you don't trasmit anything. (Since, as you point out, the whitelist would prevent the access point from responding to you, anyway.) However, you just listen to the existing legitimate traffic. Then clone your device with the same MAC as one of these legitimate (and already on the whitelist) devices.

  5. Re:Does this means... by brain159 · · Score: 3, Informative

    Sufficient for what?

    Keeping a serious attacker away from your data, if it's specifically you he's after? Possibly not.

    Keeping a casual war(mode-of-transport)'er out of your WLAN to stop him leeching your bandwidth? Probably.