Ok so you introduce your ridiculously hard to manage WPA passphrase that whilst it may be hard to crack OTA it can normally be defeated in a few seconds if a savvy user has physical access to a device using it?
In most cases just revealing the text of the passphrase is a single mouse click or device tap, which in my mind defeats the object?
WirelessKeyView: Recover lost WEP/WPA key/password stored by Wireless Zero Configuration service
There are tools out there and scripts to simply retrieve it from a currently logged in user session and email it back to the would be attacker.
Don't forget the key here is physical access.
Remember the passphrase only controls the encryption of the initial associations between client and network after which the encryption key is changing constantly and automatically controlled by your wireless hardware.
Once you have successfully joined a network the encryption is handled for you and virtually impossible to decipher as is. To compromise the system the attacker only has to join the same network as the target. Once joined, with no other barriers in place they own your system.
As has been stated so many times before WEP/WPA/WPA2 were not designed to be your primary means of network access control.
Yes make it strong enough to prevent occasional users and passers by to not want to waste their time trying or get into a situation where they may get associated to your wifi and be able to capture packet data as it passes OTA.
It should definitely NOT be used as the only way to control access to your network no matter how many bits you are using. You need to use a secondary method of access control.
Once initial passphrase has been exchanged use NAC or Radius methods to authorise the device. WPA whilst an essential stage of the entire wireless process is going to be a cumbersome method of control and your efforts would be better spent deploying a secondary security layer.
Sure at Home on your BT-Home hub protecting yourself from your neighbours a half decent WPA policy may be all you need to deter all but the most determined, but in some ways that complacency is also the weakness. You are a sitting target with all the time in the world to be hacked.
At some point all of my neighbours will have had their WPA keys compromised, their networks examined and in some cases their dubious video collections browsed.
In fact when you think about it, if WPA/WPA2 is your only means of network security you would need to be changing it on a regular basis!
You'd be surprised as to how many individuals and organisations are still using WEP, or scarily, in some cases - no encryption at all. In my home town when I'm out and about I usually find one or two with my netbook when I'm bored.
There are currently 1 users browsing this thread. (0 members and 1 guests)