Hams Report 85-mile 802.11b File Transfers @ Oregon
Roy S. Rapoport
rsr at inorganic.org
Wed Apr 14 16:01:13 PDT 2004

On Wed, Apr 14, 2004 at 03:23:26PM -0700, Mark C. Langston wrote:
> Since it hardly ever gets mentioned, except as a "secure substitute" for
> WEP, I'll point out that WPA is also broken, in a manner somewhat
> similar to WEP:
>
> http://www.icsalabs.com/html/communities/WLAN/wp_SimpleSecrets.pdf
>
> (note that the weakness is related to choosing simplistic keys for WPA
> and is not due to ISV problems as WEP is).

If I read the document correctly, then you're OK as long as your
pre-shared key is, in fact, a good one. In other words, WPA is broken in
much the same way that Linux is HIGHLY VULNERABLE because users sometimes
pick stupid passwords.

Solution: DON'T PICK STUPID PASSWORDS. When appropriate and necessary
(such as in the case of Wifi), don't let your users pick the password.
A competent sysadmin should be able to whip something together out of
perl/python/shell that will give him 256 bits of pseudo-randomness (no, not
in the technical definition of 'random', of course, but more in the "not
'thisismystupidpassword' sense").

> For the truly paranoid, you may assume all hosts have already been
> compromised, and take steps to ensure data integrity and service
> continuity.

Pshaw. That's really naive and trusting.

For the truly paranoid, turn off your systems and go live under a rock.
When someone comes near, throw that rock at them. Then, find another rock.
Repeat as necessary.
-roy
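
The key generation suggested in the message above, as an added example that is not part of the original post: it draws a 256-bit WPA pre-shared key from the OS CSPRNG (Python's `secrets` module) and shows the standard WPA-PSK passphrase-to-key mapping, which depends only on the passphrase and the SSID. The function names and the sample SSID are assumptions made for this illustration.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits   # 62 symbols, easy to type
PRINTABLE = {chr(c) for c in range(32, 127)}      # characters a WPA passphrase may use


def random_psk_hex() -> str:
    """Raw 256-bit PSK as 64 hex digits, drawn from the OS CSPRNG."""
    return secrets.token_hex(32)


def random_passphrase(bits: int = 256) -> str:
    """Random passphrase with at least `bits` of entropy, for gear that wants 8-63 characters."""
    length = math.ceil(bits / math.log2(len(ALPHABET)))
    if not 8 <= length <= 63:
        raise ValueError("requested entropy does not fit in an 8-63 character passphrase")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-PSK key mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63 or not set(passphrase) <= PRINTABLE:
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


if __name__ == "__main__":
    ssid = "example-net"  # constructed sample SSID
    print("raw PSK    :", random_psk_hex())
    phrase = random_passphrase()
    print("passphrase :", phrase)
    print("derived PMK:", pmk_from_passphrase(phrase, ssid).hex())
```

Because the derived key is a fixed function of passphrase and SSID, the only secret in the scheme is the passphrase itself, which is why it should come from the generator rather than from a user.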