wi-fi security?

[jason]

Brian wrote:
> On Thu 06 Aug 2009 at 10:53:05 -0300, Derek Broughton wrote:
> 
>>                                      but the basic security on the transport 
>> should be WPA (which is crackable, too, but considerably harder than WEP).
> 
> This is not the first time I have seen a reference to WPA being crackable but
> I've yet to see techniques (as one gets with WEP) detailing how it is achieved.
> Does 'considerably harder' involve a time frame of tens of thousands of years
> when a strong passphrase is used?
> 

First, it's important to clarify that the attacks against WEP are 
statistical attacks against a weak implementation of RC4.  The attacks, 
so far, against WPA are brute force dictionary attacks.

It doesn't matter what passphrase you choose, WEP can be cracked with 
10-20 minutes of data collection, and then about a minute of running 
aircrack on said data.

WPA, on the other hand, only requires a few seconds of data collection 
to force, then grab the authentication handshake.  Then it's just a 
matter of horsepower and how strong your passphrase is.  Keep in mind, 
this is a brute force against the passphrase, _not_ AES.

Summary, use WPA, but make sure you choose a strong passphrase.  Or, if 
you're motivated, roll your own enterprise scheme with openradius, etc.

Also, none of this applies to hotspots, where something like openvpn is 
your best bet.  ;-)

hth,

Jason.