Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stronger Encryption for Wi-Fi

Posted by michael on from the huff-and-puff-and-blow-the-house-down dept.

sp00 writes "The first products certified to support Wi-Fi Protected Access 2, the latest wireless security technology, were announced by the Wi-Fi Alliance on Wednesday. The Wi-Fi Alliance says WPA2 is a big improvement on earlier wireless security standards, such as Wired Equivalent Privacy (WEP), which hackers have found easy to circumvent. It includes Advanced Encryption Standard, which supports 128-bit, 192-bit and 256-bit keys."

8 of 175 comments (clear)

  1. overhead by a3217055 · · Score: 4, Interesting

    All these new ways of encrypting data over wireless is great. Security of data is a good service. But how much will it cost, do you need more expensive hardware to create such encryption, will there be a loss of performance and other related factors. These are important and must be tested before we start saying that wap2 is the world's greatest thing for wireless encryption.

  2. Hmm by Mattwolf7 · · Score: 3, Interesting
    I doubt this is going to take off. Since we have enough problems with people enabling protection in the first place. Unless companys start requiring it, which won't happen because my local ISP gives you a wireless access point with service. But they do not enable WEP or any encryption on the devices.

    Oh well mine is enabled

    ----
    Free IPods

  3. So... by NETHED · · Score: 3, Interesting

    So now instead of just a few hours with a current computer, it will take a bit longer, maybe a week or something. Then someone will figure out that the key string is MAC dependent based on time signitures, or something, and there we go, no more security.

    I have no illusions about the "security" of WiFi, no matter how encrypted it may be. The signal is traveling through open space for anyone to look at, and if you look at enough of the signal, you can find the pattern. This just increases the processing power needed by the AP and Card, further pushing the development of more advanced, procs. (Don't get me wrong, I'm all for this)

    I understand that corperations are interested in this for security, but for an average joe like me, I keep my access point wide open for anyone to use. If you want to look at my GF's reciepe's or our photos, go right ahead.

    Security is only as important as you make it to be.

    --
    --sig fault--
  4. Flaw fixed? by sploo22 · · Score: 3, Interesting

    One of WEP's biggest design flaws has been that all data is encrypted with the same key. Sure, there needs to be some shared secret for authentication, but the actual data transfer should use a negotiated key known only to the user and the AP. WEP is all right for authentication, but when it comes to security it's useless against other authenticated users.

    It wouldn't be a bad idea to use something like this for non-broadcase Ethernet either, now that I think of it.

    --
    Karma: Segmentation fault (tried to dereference a null post)
  5. 802.1x by Anonymous Coward · · Score: 3, Interesting

    Our network uses a 802.1x system with dynamic WEP keys.. the system requires you to re-authenticate (handled automatically by 802.1x client software) with a randomly generated key every 15 minutes.

    What is the real advantage to WPA here?

    1. Re:802.1x by ImaLamer · · Score: 4, Interesting
      Why not solve the problem by putting another line of authentication in place?

      My school *shudder* has access points in many of the labs but after a student said he was going to "hack" into it there was a simple warning:

      1. We know the MAC address to every computer in the building...
      2. We keep logs of MAC addresses that don't match our set (apparently he went around reprogramming the MAC addresses to a now defunkt card maker's line for easy log watching, except for one lab which was un-re-programmable)
      3. Breaking the WEP key is a crime, during the investigation we will try to track your MAC to you (hope you didn't pay with a credit card - your breaking into "protected" systems, in fact a federal crime)
      4. You can't get anywhere, you must authenticate through the NT (blah) server for network access
      5. It's pointless


      Really, it made sense. He simply stated that there was no point in getting a signal without access rights. The man's first job was to secure the wired network. Once the AP's were put in, it wasn't a problem.

      Could you run wild on your companies network by just plugging into the next available switch?

      If so, fix that problem first.

      --
      Get your Unix fortune now!
  6. AES protects entire frame by jonabbey · · Score: 4, Interesting

    I believe the AES implementation they are using actually does encrypt the ethernet (MAC) address, unlike WEP. (See Tying It All Together in this article for corroboration of that.)

    WPA2 with AES is the real deal.

    --
    - jon

    Ganymede, a GPL'ed metadirectory for UNIX
  7. So I have to upgrade...again? by Powertrip · · Score: 4, Interesting

    So this means to take advantage of the latest security, I would again have to upgrade all my AP's and Clients... $ $ $ When will this whole industry be commoditized enough that we have 'soft' radios for wireless (Like AC97 Audio) that allow us more flexibility in upgrading older hardware to newer standards? Heck, with a true soft-wireless chipset we could use one RF device for WiFi and Bluetooth and whatever they dream up next...