New Protection for 802.11

David Wagner daw at mozart.cs.berkeley.edu
Wed Nov 6 19:03:20 EST 2002


Perry E. Metzger wrote:
>Does anyone know details of the new proposed protocols?

WPA seems to be TKIP (a short-term improvement to WEP) + 802.1x (user
authentication, typically hooked into RADIUS?).  The background is that
the IEEE 802.11i working group is developing two fixes to WEP: TKIP,
the short-term patch, and AES-CCMP, the long-term fix.  TKIP isn't
perfect but it seems to be quite reasonable.

As far as I know, WPA should fix the cryptographic attacks on WEP.
However, as far as I can tell, we may still be left with key management
and "turning on the crypto" as the two most important issues in practice.
(It's probably too soon to know for sure.)

Of course, if you don't upgrade your equipment, you don't get the benefits
of WPA.  However, it seems that the Wi-Fi consortium is claiming that in
some cases a software upgrade might be sufficient to get WPA support --
I'm not too clear on the details.

It's not clear to me if WPA products come with encryption turned on
by default.  This is probably the #1 biggest source of vulnerabilities
in practice, far bigger than the weaknesses of WEP.

For a little more, see
http://www.weca.net/OpenSection/ReleaseDisplay.asp?TID=4&ItemID=118&StrYear=2002&strmonth=10
http://www.weca.net/OpenSection/pdf/Wi-Fi_Protected_Access_Overview.pdf

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com


