+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 17 of 17
Wireless Networks Thread, WPA Passphrase Strength. Issues? in Technical; Ok so you introduce your ridiculously hard to manage WPA passphrase that whilst it may be hard to crack OTA ...
  1. #16

    m25man's Avatar
    Join Date
    Oct 2005
    Romford, Essex
    Thank Post
    Thanked 463 Times in 338 Posts
    Rep Power
    Ok so you introduce your ridiculously hard to manage WPA passphrase that whilst it may be hard to crack OTA it can normally be defeated in a few seconds if a savvy user has physical access to a device using it?

    In most cases just revealing the text of the passphrase is a single mouse click or device tap, which in my mind defeats the object?
    WirelessKeyView: Recover lost WEP/WPA key/password stored by Wireless Zero Configuration service
    There are tools out there and scripts to simply retrieve it from a currently logged in user session and email it back to the would be attacker.
    Don't forget the key here is physical access.

    Remember the passphrase only controls the encryption of the initial associations between client and network after which the encryption key is changing constantly and automatically controlled by your wireless hardware.
    Once you have successfully joined a network the encryption is handled for you and virtually impossible to decipher as is. To compromise the system the attacker only has to join the same network as the target. Once joined, with no other barriers in place they own your system.

    As has been stated so many times before WEP/WPA/WPA2 were not designed to be your primary means of network access control.
    Yes make it strong enough to prevent occasional users and passers by to not want to waste their time trying or get into a situation where they may get associated to your wifi and be able to capture packet data as it passes OTA.

    It should definitely NOT be used as the only way to control access to your network no matter how many bits you are using. You need to use a secondary method of access control.

    Once initial passphrase has been exchanged use NAC or Radius methods to authorise the device. WPA whilst an essential stage of the entire wireless process is going to be a cumbersome method of control and your efforts would be better spent deploying a secondary security layer.

    Sure at Home on your BT-Home hub protecting yourself from your neighbours a half decent WPA policy may be all you need to deter all but the most determined, but in some ways that complacency is also the weakness. You are a sitting target with all the time in the world to be hacked.

    At some point all of my neighbours will have had their WPA keys compromised, their networks examined and in some cases their dubious video collections browsed.
    In fact when you think about it, if WPA/WPA2 is your only means of network security you would need to be changing it on a regular basis!

  2. #17

    tech_guy's Avatar
    Join Date
    May 2007
    That little bit in the middle of Little Old England
    Thank Post
    Thanked 1,345 Times in 743 Posts
    Blog Entries
    Rep Power
    You'd be surprised as to how many individuals and organisations are still using WEP, or scarily, in some cases - no encryption at all. In my home town when I'm out and about I usually find one or two with my netbook when I'm bored.

+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Linux Format, January Issue
    By kingswood in forum *nix
    Replies: 11
    Last Post: 5th December 2005, 11:02 AM
  2. Squid issues new install
    By ChrisH in forum *nix
    Replies: 5
    Last Post: 10th November 2005, 03:09 PM
  3. Gentoo issues
    By _Bob_ in forum *nix
    Replies: 1
    Last Post: 31st October 2005, 02:29 PM
  4. Exchange 2003 and Server 2003 SP1 issue.
    By tosca925 in forum Windows
    Replies: 0
    Last Post: 21st August 2005, 10:32 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts