WPA and 802.11i
Last Post: August 25, 2004:
-
All:
I highly recommend reading "Real 802.11 Security -- Wi-Fi Protected Access and 802.11i" by Edney and Arbaugh.
This is the best description of WEP, its various underutilized and misunderstood features, and why WEP failed, that I have read. The book does not describe the various after-market ways of making WEP "dynamic" but moves right on to WPA and 802.11i.
Herein I learned why stations may store up to not two but four "default" WEP keys; why key mapping WEP keys never caught on; why 40 bit WEP keys were more fashionable than 64, and 128 bit more fashionable than 104; that open authentication before association will never go away even though supplemented by higher layer authentication methods acting after association; and that client station preauthentication with additional access points will occur through the client station's current AP and the >>wired<< ports of those additional AP's rather than directly over the radio link!
I loved this statement: "Do not labor under the misconception that choosing an unusual SSID provides some sort of security. This is absolutely not the case." I feel the same way about not broadcasting the SSID. In my opinion these fig leaves are only popularly recommended because of the embarrassments of WEP.
It is time to leave the leaves behind and use the far superior coverings of WPA and, soon very soon, 802.11i.
Have a great day! /criss -
And on June 25th, 2004 WPA2 - 802.11i was born :-)
http://www.wi-fiplanet.com/news/article.php/3373441 -
http://csrc.nist.gov/wireless/S10_802.11i%20Overview-jw1.pdf
Good resource...written pre-spec but still well written -
Excellent read, detailed, yet clearly understandable ( except maybe for the math )
Highly recommended
- 1