[Cryptography] Current state of WPA2 security for IoT access ?

RB aoz.syn at gmail.com
Wed Apr 27 10:30:06 EDT 2016


On Tue, Apr 26, 2016 at 5:49 PM, Christian Huitema <huitema at huitema.net> wrote:
> There are two problems:
>
> 1) WPA2 is pass-phrase based. Easy-to-memorize pass phrases created by and for humans can be cracked by dictionary attacks.

To be precise, WPA[2]-Personal is passphrase based.

> For human friendly networks, the solution is to move away from WPA2 and use an 802.1X based solution. PEAP + MSCHAPv2 using a common identity and a common pass phrase would work just fine.

Perhaps you intended to espouse WPA[2]-Enterprise and to move away
from WPA2-PSK, not WPA2 in general?  WPA[2] is the state of the art as
far as 802.11 encryption is concerned; there's just a distinction on
the authentication mechanism and its susceptibility to specific
attacks.

Of course, if you provision all of your devices with a common identity
and passphrase, while physical compromise may not reveal the network
key, you've just made yourself a hard problem of revoking compromised
credentials and evicting an intruder from your network.
Administrative overhead now or administrative overhead later.
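
Added example, not part of the original message or of either poster's code: the WPA/WPA2-Personal key is PBKDF2-HMAC-SHA1 of the passphrase salted only with the SSID, which is why a human-chosen passphrase is the weak point discussed in this thread. The deny-list, the 80-bit threshold and the function names are assumptions made for illustration; entering the PSK directly as 64 hex digits assumes the device's configuration interface accepts that form.

```python
import hashlib
import math
import secrets

def derive_psk(passphrase, ssid):
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def random_psk_hex():
    """256-bit key from the OS CSPRNG for devices nobody types into (64 hex digits)."""
    return secrets.token_hex(32)

# Constructed deny-list standing in for a real common-password list.
DENYLIST = {"password", "12345678", "iloveyou", "letmein123"}

def audit_passphrase(passphrase, min_bits=80.0):
    """Return a list of findings; an empty list means no objection from this check."""
    findings = []
    if passphrase.lower() in DENYLIST:
        findings.append("on deny-list")
    # Upper bound only: assumes each character was drawn uniformly at random
    # from the character classes used, which human-chosen phrases never are.
    pool = 0
    if any(c.islower() for c in passphrase):
        pool += 26
    if any(c.isupper() for c in passphrase):
        pool += 26
    if any(c.isdigit() for c in passphrase):
        pool += 10
    if any(not c.isalnum() for c in passphrase):
        pool += 33  # printable ASCII symbols, including space
    bits = len(passphrase) * math.log2(pool) if pool else 0.0
    if bits < min_bits:
        findings.append("at most %.0f bits, below %.0f" % (bits, min_bits))
    return findings

if __name__ == "__main__":
    print(derive_psk("password", "IEEE").hex())
    print(audit_passphrase("password"))
    print(random_psk_hex())
```

A random PSK removes the dictionary exposure but is still a single shared secret, so the revocation problem raised in the reply above applies to it unchanged.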

