Security Basics mailing list archives
Re: What can WPA/WPA2 use for Encryption
From: Jon Janego <jonjanego () gmail com>
Date: Tue, 25 Aug 2009 13:03:17 -0500
Yes, 802.1X is used instead of the PSK. Authentication to the network is accomplished through an EAP tunnel, after which the PMK (Pairwise Master Key) is distributed dynamically to the client through an encrypted tunnel. With the PSK implementation of WPA, the PMK is generated with the help of the Pre-Shared Key. 802.1X is more secure because the PMK is distributed through an encrypted tunnel (rather than deriving it by a shared passphrase) and it is generated anew every 65536 packets, eliminating the chance of a replay attack. Also you have it slightly confused - AES is the encryption algorithm used with WPA2. TKIP is used in WPA. On Tue, Aug 25, 2009 at 12:46 PM, martin<martiniscool () gmail com> wrote:
Jon & Israel Thanks so much for your replies & the links - you've both helped me understand the whole thing alot better Unfortunately the encryption will be between 2 "microwave" APs so unless they have a RADIUS server built in u guess I'm stuck with PSK & AES at best Just one question - I understood from Chris AES is the only encryption method available with WPA - so how then could I use PKI instead. Or would PKI take the place of PSK & if so, how ? Isn't PKI escentially "encrypt with A, decrypting with B" where A is public & B is confidential. Or am I missing a trick here ? Tks Martin On 25 Aug 2009, at 18:02, Jon Janego <jonjanego () gmail com> wrote:1) Yes, absolutely. It will still use TKIP (WPA) or AES (WPA2) as the encryption algorithm, but setting up PKI to work on a WPA network is straightforward and creates an even better method of security than PSK. Here's a decent overview: http://www.wi-fiplanet.com/tutorials/article.php/3759926 2) Microwave connectivity as you're describing is generally a dedicated line-of-sight point to point network. However "microwave" covers a decent size of the wireless spectrum so there's several different technologies that could be in use. Without knowing more about your implementation it's hard to say. On Tue, Aug 25, 2009 at 9:41 AM, martin<martiniscool () gmail com> wrote:Hi all We're in the process of installing a leased line between 2 offices which are isolated in the country side. The leased line uses "microwave" connectivity ... apparently. And uses WPA/WPA2 for encryption I have 2 questions: 1. Can WPA/WPA2 encrypt traffic using any method other than a pre-shared-key ? If so then what ??!! My boss seems to think it can but I don't see how. Can it use PKI for example ? 2. Technically a network question rather than a security question, but what exactly is microwave connectivity ? Is it just Wi-Fi by another name ? Is it part of the 802.11 standard ? The 2nd question isn't so important, but I'm curious about the first one !! Thanks M ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- What can WPA/WPA2 use for Encryption martin (Aug 25)
- Re: What can WPA/WPA2 use for Encryption John Morrison (Aug 26)
- Re: What can WPA/WPA2 use for Encryption Jared Curtis (Aug 26)
- Re: What can WPA/WPA2 use for Encryption Israel Junior (Aug 26)
- Re: What can WPA/WPA2 use for Encryption Michael Painter (Aug 26)
- Message not available
- Re: What can WPA/WPA2 use for Encryption martin (Aug 26)
- Re: What can WPA/WPA2 use for Encryption Jon Janego (Aug 26)
- Re: What can WPA/WPA2 use for Encryption martin (Aug 26)
- <Possible follow-ups>
- Re: What can WPA/WPA2 use for Encryption martin (Aug 26)