Michael Weinberg wrote: > WPA Personal or WPA-PSK uses a pre-shared key, ala WEP, though with > more restrictions and a not trivial key generation method. As I > understand it, WPA uses TKIP encryption and WPA2 uses AES encryption.
TKIP does use WEP keys but as its temporal name implies, they're not static. Also, WPA2 can use either TKIP or CCMP (AES). > Some systems allow you to choose WPA/WPA2 modes, which obviate the > need to match versions. Most vendors call this "backwards compatibility" mode which allows both WPA and WPA2 clients to connect. > WPA Enterprise relies on a radius database while providing the same > encryption methods. Adding an EAP stack is only secure if your end users aren't allowed to use stupid passwords. > since any system that uses a shared key is only as secure as the > lips of every person you give that key to. It's true that pre-shared key is susceptible to brute force attacks but it's a lot harder than cracking WEP keys. q.v. http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access#Security_in_pre-shared_key_mode > I would also consider them all to be inferior security options > when compared to end-to-end encryption of data you want to keep > secret. On the other hand, conciously liberal use of SSL, SSH, and other application layer encryption goes a long ways on an open network without the layer 2 overhead. And if you block ports like 20, 21, 23, 25, 110, 143, etc. then you'll be doing your users a favor in the long run so long as you're prepared to educate them on the use of non-plaintext services. FWIW, the largest number of WPA networks I've seen in Portland are mostly downtown. But I've seen more and more popping up in residential areas over the last couple of years. -Gary --~--~---------~--~----~------------~-------~--~----~ The Personal Telco Project - http://www.personaltelco.net/ Donate to PTP: http://www.personaltelco.net/donate Archives: http://news.gmane.org/gmane.network.wireless.portland.general/ Etiquette: http://www.personaltelco.net/index.cgi/MailingListEtiquette List information: http://lists.personaltelco.net To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] -~----------~----~----~----~------~----~------~--~---
