Hams Report 85-mile 802.11b File Transfers @ Oregon

• Previous message: Hams Report 85-mile 802.11b File Transfers @ Oregon
• Next message: Hams Report 85-mile 802.11b File Transfers @ Oregon
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 14, 2004 at 03:23:26PM -0700, Mark C. Langston wrote:
> Since it hardly ever gets mentioned, except as a "secure substitute" for
> WEP, I'll point out that WPA is also broken, in a manner somewhat
> similar to WEP:
> 
> http://www.icsalabs.com/html/communities/WLAN/wp_SimpleSecrets.pdf
> 
> (note that the weakness is related to choosing simplistic keys for WPA
> and is not due to ISV problems as WEP is).

If I read the document correctly, then you're OK as long as your
pre-shared key is, in fact, a good one.  In other words, WPA is broken in
much the same way that Linux is HIGHLY VULNERABLE because users sometimes
pick stupid passwords.

Solution:  DON'T PICK STUPID PASSWORDS.  When appropriate and necessary
(such as in the case of Wifi), don't let your users pick the password.

A competent sysadmin should be able to whip something together out of
perl/python/shell that will give him 256 bits of pseudo-randomness (no, not
in the technical definition of 'random', of course, but more in the "not
'thisismystupidpassword' sense"). 

> For the truly paranoid, you may assume all hosts have already been
> compromised, and take steps to ensure data integrity and service
> continuity.

Pshaw.  That's really naive and trusting.

For the truly paranoid, turn off your systems and go live under a rock.
When someone comes near, throw that rock at them.  Then, find another rock.
Repeat as necessary.

-roy

• Previous message: Hams Report 85-mile 802.11b File Transfers @ Oregon
• Next message: Hams Report 85-mile 802.11b File Transfers @ Oregon
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]