Re: Security. WPA?/-TKIP /-CCMP



On Fri, 5 Dec 2008 13:35:24 -0800 (PST), Chrisjoy
<ultralibertarianer@xxxxxxxxx> wrote:

> I cannot help myself from thinking 802.11, and even Wi-Fi, is a pretty
> immature technology while not making it mandatory to support a unique
> key for each connection.

I could fabricate a rather large list of things that I wouldn't mind
seeing mandatory. "Secure By Default" is my favorite mantra. As Mark
said, tight security was not on the agenda in 1997. The assumption
was that wireless was only going to be used indoors, over very limited
ranges, only for limited applications.

Actually, the IEEE has been working on throwing everything except the
kitchen sink either into 802.11 or grafted on as an extension. See
shopping list at:
<http://en.wikipedia.org/wiki/802.11>

> Especially consider the fact that access
> points already support RADIUS server,

Nope. Only a very small number of access points have built-in RADIUS
servers. What they do is *SUPPORT* RADIUS services by pointing RADIUS
authorization and authentication requests to a real RADIUS server. It
kinda makes sense because the typical RADIUS server is far too big to
fit inside a commodity router. It's also common to share the RADIUS
server function among a large number of access points.

> which means they already got CPU
> power and enough RAM to encrypt and decrypt connections using different
> keys,

If you read anything about the various open source Linux mutations
that run on commodity routers, you'll find the lack of RAM is the
major limitation to installing features. Also, CPU horsepower is a
serious problem with processor-intensive applications such as VPN.
When running such services, the number of users and throughput are
usually severely limited.

> and where they fail is at as ridiculous a place as the simple
> task of making a DB handling keys and communicating them over an asymmetric
> encryption method.

Actually, they usually fail when the MAC address table, ARP table, or
other RAM intensive table fills and crashes the access point.
Incidentally, it's quite possible to use a flat file database instead
of a full blown relational monster DBM for RADIUS, thus making it fit
better inside the limited RAM found in the router.

> Only crazy people would do anything remotely
> sensitive on such a connection,

Are you calling all my customers crazy? Most don't have the slightest
clue what's considered "sensitive" or should not be run over an
unencrypted session.

> which makes straight 802.11 a toy for
> kids.

I fail to see the logic, but you're entitled to your opinion. Works
nicely in the Wii so it must be a toy.

> Not that I would dare to as much as remotely control a Markin
> train using 802.11. I have to say, digging into 802.11 has been a
> great disappointment.

With all due respect, I don't think you've done any digging into how
802.11a/b/g/n/i/k/etc works. Sure, there are problems, but they're
fairly minor compared to the 99.99% of the features and functions that
work as expected. Sure, it can be done better as one would expect
some progress in the last 10 years. Look at WiMax for an example of
how to do it right.

> They who develop this line of products, are
> they all kids finding communication without wire so fascinating they
> forget to be serious, at all!?

Nope. The developers are all quite serious. You'll find a list of
names attached to the various 802.11 documents on the IEEE web site.
However, if you plan on continuing this discussion, you might find it
more productive to not insult those who are trying to answer your
questions.

> Anyways, thanks for all your information and leads. I can now hurry
> away to my conclusion. I will not spend another dime supporting our
> hotspot network before there is an easy way to protect against
> sniffing. I do not consider setting up a RADIUS connection on the
> client side to be easy.

It's trivial on the client side. It's the server side that's complex.

> I will wait until the only information that
> needs to be put into a client is a pass phrase after choosing an SSID
> (with a signature fingerprint so that nobody can fake a trusty
> network), and that's it. When this is done, everyone should be
> protected from WLAN sniffing.

I've had rather bad luck getting clueless customers to use the
fingerprint readers on their laptops.

> If the 802.11 guys are not able to do
> this, they are not worth my time.

Not a problem. I'm sure your employer will appreciate your limited
efforts on their behalf.

> Ten years of development, and not
> even solving this straightforward problem/solution, I would be
> ashamed!

Yep. Now, roll back the clock to 1995 (when 802.11 was originally
inscribed) and try to remember what personal computing was like at the
time. I suspect that nobody could have predicted the current
technology and applications. It's now 2008. Could I trouble you to
tell me what security protocols, encryption technology, and
applications support will be required for the wireless products of
2018? Take your time.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@xxxxxxxxxxxxxxxxxxxxxx
# http://802.11junk.com jeffl@xxxxxxxxxx
# http://www.LearnByDestroying.com AE6KS
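Worked example, added here by the editor and not part of Jeff's or Chrisjoy's posts: the RADIUS round trip the reply describes, in which the access point acts only as a NAS that forwards the credential to a separate RADIUS server, and the server checks it against a flat-file user list rather than a relational database. Everything in it is constructed: the shared secret, the NAS address 192.0.2.10, the user list, and all function names are assumptions. It uses the plain User-Password (PAP-style) Access-Request of RFC 2865 rather than the EAP-in-RADIUS exchange that WPA/WPA2-Enterprise actually carries, which is enough to show the part that matters for the thread: the Request/Response Authenticators keyed by the shared secret, which let the AP reject a reply forged by someone who does not hold that secret.

```python
"""Minimal RFC 2865 RADIUS exchange between an access point (the NAS) and a
RADIUS server. Constructed example for illustration; not code from the post
or from any real AP or RADIUS implementation. Secret, users and addresses
below are made up."""
import hashlib
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4

# Flat-file style user database (constructed test data).
USERS_FLATFILE = """\
# user      password
alice       wireless-pass-1
bob         hunter2
"""


def load_users(text):
    """Parse 'user password' lines, skipping comments and blanks."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, password = line.split(None, 1)
            users[name] = password
    return users


def _hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR the zero-padded password with MD5(secret + previous
    block), the first block being keyed by the Request Authenticator."""
    pw = password.encode()
    pw += b"\x00" * (-len(pw) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(pw), 16):
        block = bytes(a ^ b for a, b in zip(pw[i:i + 16], hashlib.md5(secret + prev).digest()))
        out, prev = out + block, block
    return out


def _unhide_password(hidden, secret, authenticator):
    """Inverse of _hide_password; strips the zero padding. With the wrong
    secret the result is garbage, so decode leniently instead of crashing."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], hashlib.md5(secret + prev).digest()))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00").decode(errors="replace")


def _attr(atype, value):
    return struct.pack("!BB", atype, 2 + len(value)) + value


def _parse_attrs(data):
    attrs = {}
    while data:
        atype, alen = struct.unpack("!BB", data[:2])
        attrs[atype], data = data[2:alen], data[alen:]
    return attrs


def build_access_request(ident, username, password, nas_ip, secret):
    """NAS side. Returns (packet, request_authenticator); the NAS keeps the
    authenticator so it can check the reply later."""
    authenticator = os.urandom(16)
    attrs = (_attr(USER_NAME, username.encode())
             + _attr(USER_PASSWORD, _hide_password(password, secret, authenticator))
             + _attr(NAS_IP_ADDRESS, bytes(int(o) for o in nas_ip.split("."))))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs, authenticator


def radius_server_handle(packet, secret, users):
    """Server side: recover the password, check the flat-file user list, and
    sign the reply: ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attrs+Secret)."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    req_auth = packet[4:20]
    attrs = _parse_attrs(packet[20:length])
    username = attrs[USER_NAME].decode(errors="replace")
    password = _unhide_password(attrs[USER_PASSWORD], secret, req_auth)
    reply_code = ACCESS_ACCEPT if users.get(username) == password else ACCESS_REJECT
    header = struct.pack("!BBH", reply_code, ident, 20)   # no reply attributes
    return header + hashlib.md5(header + req_auth + secret).digest()


def nas_check_reply(reply, request_authenticator, secret):
    """NAS side: trust an Access-Accept only if the Response Authenticator
    verifies; a reply from a party without the shared secret fails here."""
    header, resp_auth, attrs = reply[:4], reply[4:20], reply[20:]
    if resp_auth != hashlib.md5(header + request_authenticator + attrs + secret).digest():
        return "forged"
    return "accept" if reply[0] == ACCESS_ACCEPT else "reject"


def authenticate(username, password, secret=b"example-shared-secret"):
    """Run the whole exchange in-process for one user."""
    users = load_users(USERS_FLATFILE)
    packet, req_auth = build_access_request(7, username, password, "192.0.2.10", secret)
    return nas_check_reply(radius_server_handle(packet, secret, users), req_auth, secret)


if __name__ == "__main__":
    print(authenticate("alice", "wireless-pass-1"))   # accept
    print(authenticate("alice", "wrong"))             # reject
```

The point to take from it: the AP stores nothing but a shared secret and the server's address, which is why it fits in a commodity router, and the Response Authenticator is the only thing standing between the AP and a forged Access-Accept, so that secret deserves the same care as the user passwords. The MD5-based password hiding shown here is not strong by current standards, which is one reason the AP-to-server RADIUS traffic is normally kept on a protected management network rather than the same segment as the clients.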