[Dshield] Wireless broadcasts

Aaron Lewis aaron at adldatacomm.net
Wed Jun 29 15:10:02 GMT 2005


Correct. A passwords should never be based on a word, name or place anyway.
That's one of the first things *nix yells about. LOL. I learned that back on
Red Hat 4.0.

Seriously all passwords, not just keys, should be long and complex, never
based on a dictionary word.

> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org]On Behalf Of Michael Cox
> Sent: Wednesday, June 29, 2005 1:21 AM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Wireless broadcasts
>
>
> For a) below I would add that WPA-PSK is vulnerable to an offline
> dictionary attack, so the PSK should be long and complex.
>
> See also:
> http://wifinetnews.com/archives/002452.html
> http://www.informit.com/articles/article.asp?p=369221
>
>
> On Tue, 2005-06-28 at 16:10 -0400, John B. Holmblad wrote:
> > Aaron,
> >
> > a WPA or WPA2 compliant device, by definition, supports two
> alternative
> > modes for authentication:
> >
> >     a) pre-shared key authentication mode which is secure but not
> >     scalable because it requires the sysadmin to install
> the pre-shared
> >     key in each device (Access Point or client/supplicant)
> that is to be
> >     secured. The major benefit of this mode of operation is that the
> >     wireless medium can be secured without the need for an
> >     authentication server such as Microsoft IAS or some other RADIUS
> >     type of server that also supports necessary 802.11i
> protocol components.
> >
> >     b) 802.1X authentication mode which is both secure AND scalable
> >     because it makes use of an authentication server/service such as
> >     that provided by RADIUS with the necessary 802.11i
> protocol support.
> >
> > Best Regards,
> >
> > John Holmblad
> >
> > Televerage International
> > GSEC,GCWN,GGSC-0100,NSA-IAM
> >
> > (H) 703 620 0672
> > (M) 703 407 2278
> > (F) 703 620 5388
> >
> > primary email address:     jholmblad at aol.com
> > backup email address:      jholmblad at verizon.net
> >
> >
> > _______________________________________________
> > send all posts to list at lists.dshield.org
> > To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list