Re: What can WPA/WPA2 use for Encryption

[Jon Janego <jonjanego () gmail com>]

Yes, 802.1X is used instead of the PSK.  Authentication to the network
is accomplished through an EAP tunnel, after which the PMK (Pairwise
Master Key) is distributed dynamically to the client through an
encrypted tunnel.

With the PSK implementation of WPA, the PMK is generated with the help
of the Pre-Shared Key.  802.1X is more secure because the PMK is
distributed through an encrypted tunnel (rather than deriving it by a
shared passphrase) and it is generated anew every 65536 packets,
eliminating the chance of a replay attack.

Also you have it slightly confused - AES is the encryption algorithm
used with WPA2.  TKIP is used in WPA.

On Tue, Aug 25, 2009 at 12:46 PM, martin<martiniscool () gmail com> wrote:
> Jon & Israel
>
> Thanks so much for your replies & the links - you've both helped me
> understand the whole thing alot better
>
> Unfortunately the encryption will be between 2 "microwave" APs so unless
> they have a RADIUS server built in u guess I'm stuck with PSK & AES at best
>
> Just one question - I understood from Chris AES is the only encryption
> method available with WPA - so how then could I use PKI instead. Or would
> PKI take the place of PSK & if so, how ?  Isn't PKI escentially "encrypt
> with A, decrypting with B" where A is public & B is confidential. Or am I
> missing a trick here ?
>
> Tks
> Martin
>
>
>
>
>
>
>
> On 25 Aug 2009, at 18:02, Jon Janego <jonjanego () gmail com> wrote:
>
> > 1) Yes, absolutely.  It will still use TKIP (WPA) or AES (WPA2) as the
> > encryption algorithm, but setting up PKI to work on a WPA network is
> > straightforward and creates an even better method of security than
> > PSK.  Here's a decent overview:
> >
> > http://www.wi-fiplanet.com/tutorials/article.php/3759926
> >
> > 2) Microwave connectivity as you're describing is generally a
> > dedicated line-of-sight point to point network.  However "microwave"
> > covers a decent size of the wireless spectrum so there's several
> > different technologies that could be in use.  Without knowing more
> > about your implementation it's hard to say.
> >
> >
> > On Tue, Aug 25, 2009 at 9:41 AM, martin<martiniscool () gmail com> wrote:
> > > Hi all
> > >
> > > We're in the process of installing a leased line between 2 offices which
> > > are
> > > isolated in the country side. The leased line uses "microwave"
> > > connectivity
> > > ... apparently. And uses WPA/WPA2 for encryption
> > >
> > > I have 2 questions:
> > > 1. Can WPA/WPA2 encrypt traffic using any method other than a
> > > pre-shared-key
> > > ?  If so then what ??!!  My boss seems to think it can but I don't see
> > > how.
> > >  Can it use PKI for example ?
> > >
> > > 2. Technically a network question rather than a security question, but
> > > what
> > > exactly is microwave connectivity ?  Is it just Wi-Fi by another name ?
> > >  Is
> > > it part of the 802.11 standard ?
> > >
> > > The 2nd question isn't so important, but I'm curious about the first one
> > > !!
> > >
> > > Thanks
> > > M
> > >
> > > ------------------------------------------------------------------------
> > > Securing Apache Web Server with thawte Digital Certificate
> > > In this guide we examine the importance of Apache-SSL and who needs an
> > > SSL
> > > certificate.  We look at how SSL works, how it benefits your company and
> > > how
> > > your customers can tell if a site is secure. You will find out how to
> > > test,
> > > purchase, install and use a thawte Digital Certificate on your Apache web
> > > server. Throughout, best practices for set-up are highlighted to help you
> > > ensure efficient ongoing management of your encryption keys and digital
> > > certificates.
> > >
> > >
> > > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > > ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------