Forum

Hi Glenn:

Your "Take Control of Your Wi-Fi Security" published this month, September 2005, is very well done. Everyone interested in the subject should acquire a copy at http://www.takecontrolbooks.com/wifi-security.html

In your next edition you will have an opportunity to correct several very popular misunderstandings concerning IEEE 802.11 and Wi-Fi Alliance security terms.

Misunderstanding #1: WPA allows for a plain-text password called the Pre-Shared Key (PSK).

IEEE 802.11i amendment section H4 suggests one way to derive a fixed length 64 character hexadecimal PSK from an ASCII pass-phrase of between 8 and 63 characters. Virtually all vendors have implemented the suggestion. Nonetheless the humanly convenient pass-phrase is not the PSK. Since some vendors allow the direct entry of PSK it is important to know the difference.

Generating a random 64 octet hexadecimal string and pasting it into appropriate configuration screens, if allowed by the vendor, provides a PSK of strength equal to automated key management with an AAA server. Generating a random 63 octet ASCII string and pasting it provides the next best alternative. Confusing the pass-phrase and the PSK prevents customers from realizing these choices.

For the record the key derivation process has several more steps. The PSK becomes the PMK (master). After this point it doesn't matter whether the PMK came from a PSK or from an AAA server. Lastly the PTK (temporal) is periodically derived from the PMK and is used for actual encryption and decryption.

Misunderstanding #2: WPA2 does not have the problem with short, dictionary word based pass-phrases that WPA has.

IEEE 802.11 defines PSK, and suggests how to derive the PSK from a pass-phrase, without regard for the chosen RSNA cipher suite, TKIP or CCMP. The dictionary attack problem for short pass-phrases is documented in IEEE 802.11i amendment section H.4.1 and is considered a compromise for humans unlikely to create and enter 64 character hexadecimal strings.

The problem with short pass-phrases is not magically fixed when PSK is used with CCMP. Blaming WPA for this problem may sell more WPA2 equipment, or may keep people using WEP (or using no encryption) who would otherwise upgrade to and use WPA.

Misunderstanding #3: WPA is not TKIP, and WPA2 is not CCMP.

The IEEE 802.11i amendment defines four cipher suites, WEP-40, WEP-104, TKIP, and CCMP. Since that amendment the Wi-Fi Alliance has introduced four new brands -- WPA-Personal, WPA-Enterprise, WPA2-Personal, and WPA2-Enterprise.

Devices carrying any of the four new Wi-Fi Alliance brands likely support both WEP-40 and WEP-104 with static key management. In this sense all four brands are "backwardly compatible".

WPA-Personal branded devices include TKIP and static key management for TKIP. WPA-Enterprise branded devices add 802.1X/EAP based automatic key management for TKIP.

WPA2-Personal branded devices include TKIP and CCMP, and static key management for TKIP and CCMP. WPA2-Enterprise branded devices add automatic key management for TKIP and CCMP.

Although this may be what the WPA and WPA2 brands mean technically, the Wi-Fi Alliance literature speaks of WPA in terms of the features provided by TKIP and speaks of WPA2 in terms of the features provided by CCMP, even though other cipher suites are supported in the same box. Following this lead, vendors have taken to using the four WPA brand names as shorthand for configuration choices. In this context the brand name means not which features are included in the device but rather which features are enabled. Thus WPA=TKIP, WPA2=CCMP, Personal=PSK, and Enterprise=802.1X/EAP.

I hope this helps. Thanks. /criss

I went through Criss's post thoroughly, and I must concur with each bullet point. I didn't find any issues with Criss's statements.

Devinator