[Cryptography] Current state of WPA2 security for IoT access ?
David Johnston
dj at deadhat.com
Tue Apr 26 23:09:25 EDT 2016

On 4/26/16 4:49 PM, Christian Huitema wrote:
> For human friendly networks, the solution is to move away from WPA2
> and use an 802.1X based solution. PEAP + MSCHAPv2 using a common
> identity and a common pass phrase would work just fine.

802.1X is a component of WPA2. WPA2 includes the 802.11 transport for
EAPOL, EAP, the key agreement protocol and the CCM link cipher.

PSK is an option for those not wanting to deploy EAP, RADIUS and all
that malarkey (i.e. everybody except us). 802.1X is included by
reference. It exists independently of WPA[n] or 802.11.

If I remember right (since I am one of the many authors), it would be
called an RSN (Robust Secure Network) to distinguish it from WPA that
was part of a TSN (a transitional secure network) because the TSN had
TKIP and indeed its security was transitional.

WPA and WPA2 are marketing names from the Wi-Fi Alliance, rather than
terms in the 802.11 specification.

PEAP on its own is not an 802.11 security protocol. It doesn't have the
link cipher, key agreement or bindings to layer 2.