[Dshield] My graphics guy sent me the following message this morning...

John Holmblad jholmblad at aol.com
Sun Feb 8 17:42:05 GMT 2004


Stephane,

good points. Let me add that with the latest wireless security standard 
802.11i and the subset of that standard known as Wireless Protected 
Access (TM) it is possible to secure a wireless channel and provide 
mutual authentication (client to AP and AP to client) in a way that is 
very robust from a cryptographic perspective.  Well deserved kudos 
should be given to the engineers who fixed the broken WEP standard and, 
so far, at least, seem to have satisfied cryptologists that WPA is very 
secure in its design for both authentication and for data transport. Of 
course with any new crypto method only time will tell if WPA has any as 
yet undiscovered flaws, but it looks to me like a good case of engineers 
snatching victory with WPA & 802.11i  from the jaws of technological 
defeat of WEP. The beauty of their work derives from making the 
re-engineered crypto method, called Temporal Key Integrity Protocol or 
TKIP, downward compatible with most of the RC4  hardware crypto engines 
already extant in the world's 802.11 wireless networking equipment.  Now 
it is up to the world's users of 802.11 to start securing their networks 
using this new standard, which, for many users will require

    a) updating firmware and software in their wireless client cards and 
Access Points,

and

    b)  investing in Radius infrastructure if they have not already done 
so for for other purposes in order to provide mutual authentication of their
         AP's & clients,

so that the FUD (well justified)  surrounding 802.11 wireless and WEP 
can eventually abate once the new standard is proven out in practice. 
WPA also supports a mode called pre-shared key that, although it does 
not scale to large installations, does eliminate the requirement for a 
RADIUS server.

For anyone who wants to learn more about 802.11i I recommend the 
following text:

Real 802.11 Security: Wi-Fi Protected Access and 802.11i 
</exec/obidos/ASIN/0321136209/qid=1076260650/sr=2-1/ref=sr_2_1/102-6544091-3562564> 
-- by Jon Edney (Author), William A. Arbaugh (Author); Paperback

 
-- 

Best Regards,

 

John Holmblad

 

Televerage International

 

(H) 703 620 0672

(M) 703 407 2278

(F) 703 620 5388

 

www page:                      www.vtext.com/users/jholmblad

primary email address: jholmblad at aol.com

backup email address:  jholmblad at verizon.net

 

text email address:         jholmblad at vtext.com




More information about the list mailing list