Security Basics mailing list archives
Re: wpa2-psk aes
From: marco gregorio <gregomarco () gmail com>
Date: Tue, 22 Feb 2011 18:35:01 +0100
Hi, thanks for your reply. One more question just to clarify. Although the PSK is known, the re-key mechanism should grant a private and secure connection between client and AP, as Vito confirms. Moreover, by setting that interval to a reasonably low value, the chances to decrypt a whole client's session should become scarce even if the PSK is known. Would it be possible to elaborate a little bit more on that?
I actually would like to dig further into your issue: do you want to make each peer secure from each other, or do you want the participants to be securely isolated from external intrusion?

Using a PSK saves you from using a PKI infrastructure in order to have a safe key exchange. The point is: authentication. Diffie-Hellman exchanges keys but it's peer authentication-less: discarded. The way is key exchange through RSA (SSL does it). The use of a PSK assumes that whoever knows the PSK is trusted; as soon as the AES takes place, the key is recalculated over again, so just take the PSK as a secure way of beginning the session.

HTH

--
Marco Gregorio
key fingerprint: 0189 83E0 8CE2 84F9 ACC1 CC96 FCBF 3D5E 6F48 07D0
Email: echo "lwjltrfwhtElrfnq3htr" | perl -pe 's/(.)/chr(ord($1)-5)/ge'