pp at ee.oulu.fi
Fri Nov 5 19:01:23 UTC 2004
On Fri, Nov 05, 2004 at 09:51:55AM -0800, Per Bjornsson wrote:
> On Fri, 2004-11-05 at 08:30, Dan Williams wrote:
> > > Shared Key auth is worse than no authentication/encryption at all.
> > > Anyone with a clue will be using Open System. I don't think we should
> > > put too much effort into making Shared Key easy to use.
> > Charles,
> > Why is it so much worse?
> Basically, apparently you can crack the encryption just by listening in
> on the handshake (as far as I have understood you get the plaintext
> challenge going across in one direction and then a the same thing
> encrypted send in the other direction - an absolute boon for code
> cracking, since WEP apparently is sensitive to known-plaintext attacks)
> instead of having to process many GB of data (well, you might not need
> that much for the 40/64-bit version, but 128-bit WEP does take a fair
> bit of data collecting to crack as far as I hav understood).
Blatant plug: http://www.wifipedia.org/index.cgi/WEP ;)
While we're at it xsupplicant/wpa_supplicant would be nice to have in
future releases. Unfortunately it's a bit of a "works with this card and
almost-but-not-quite with this one" thing. It is something that would
require initscripts/NetworkManager integration, so Extras might not be feasible
More information about the test