[Dshield] Wireless broadcasts

Michael Cox mscox at ti.com
Wed Jun 29 05:21:12 GMT 2005


For a) below I would add that WPA-PSK is vulnerable to an offline
dictionary attack, so the PSK should be long and complex.

See also:
http://wifinetnews.com/archives/002452.html
http://www.informit.com/articles/article.asp?p=369221


On Tue, 2005-06-28 at 16:10 -0400, John B. Holmblad wrote:
> Aaron,
> 
> a WPA or WPA2 compliant device, by definition, supports two alternative 
> modes for authentication:
> 
>     a) pre-shared key authentication mode which is secure but not
>     scalable because it requires the sysadmin to install the pre-shared
>     key in each device (Access Point or client/supplicant) that is to be
>     secured. The major benefit of this mode of operation is that the
>     wireless medium can be secured without the need for an
>     authentication server such as Microsoft IAS or some other RADIUS
>     type of server that also supports necessary 802.11i protocol components.
> 
>     b) 802.1X authentication mode which is both secure AND scalable
>     because it makes use of an authentication server/service such as
>     that provided by RADIUS with the necessary 802.11i protocol support. 
> 
> Best Regards,
> 
> John Holmblad
> 
> Televerage International
> GSEC,GCWN,GGSC-0100,NSA-IAM
> 
> (H) 703 620 0672
> (M) 703 407 2278
> (F) 703 620 5388
> 
> primary email address:     jholmblad at aol.com
> backup email address:      jholmblad at verizon.net
> 
> 
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list


More information about the list mailing list