wi-fi security?

[jason]

Brian wrote:
> On Thu 06 Aug 2009 at 11:38:02 -0400, jason wrote:
> 
>> WPA, on the other hand, only requires a few seconds of data collection 
>> to force, then grab the authentication handshake.  Then it's just a 
>> matter of horsepower and how strong your passphrase is.  Keep in mind, 
>> this is a brute force against the passphrase, _not_ AES.
>>
>> Summary, use WPA, but make sure you choose a strong passphrase.  Or, if 
>> you're motivated, roll your own enterprise scheme with openradius, etc.
> 
> I hadn't realised how easy it could be to capture the handshake but, because it
> is the strength of the passphrase that matters, it seems to be only a minor
> downside to WPA. You also imply there is no particular advantage in TKIP vs AES
> or WPA vs WPA2 in this regard.
> 

Correct.  Because the aircrack is guessing passphrases, not 
brute-forcing the algo.

> Some day I may try to crack the 63 character passphrase on my own WAP for fun,
> but suspect I may not be around when it completes successfully.
> 

Do you ever notice wifi connectivity drop-outs?  If so, you may want to 
drop down to a <=32 character passphrase, or try an enterprise solution 
(openradius, etc).  I find some WAP vendors make assumptions when 
optimizing their embedded crypto routines.  One of those assumptions 
usually involves passphrase length.  Anything over the assumed max 
length bogs down the WAP, or worse, crashes it.

If you don't have dropouts in your current configuration, would you mind 
letting me know make/model/version of the WAP you're using?

thx,

Jason.