|
Actually, you have to collect 6,000,000
encrypted packets to crack 128-bit WEP in a passive attack.
That's not a couple hours, at least not on our network. But yes, I see the
point. WEP isn't secure.
Kevin
----- Original Message -----
Sent: Monday, October 13, 2003 1:43
PM
Subject: Re: [smartBridges] Auth
question
Almost correct - but keep in mind that all of these methods
are still vulnerable to the weak WEP key problem. By collecting
enough data (only a couple of hours worth) it is possible to decrypt the WEP
key (even the 128 bit version) and then connect to your network.
MAC authentication may keep them from associating unless they clone an
existing users MAC address - and they can still decode information in the
users data without associating once they have found the WEP key.
Current wireless security using WEP without any of the
various patches (LEAP, MIC, TKIP) doesn't do any more than keep the honest
people honest. AKAIK Smartbridges has not implemented any of the
workarounds for the WEP key problems.
Mark Radabaugh
Amplex
(419) 720-3635
----- Original Message -----
Sent: Monday, October 13, 2003 4:19
PM
Subject: RE: [smartBridges] Auth
question
Sorry for being such a dope on this...
Now I think I've
got it, but one more question:
When in OPEN - OPEN, the transmissions are
still encrypted, but no challenge is made?
So, this is why Shared is
a little less secure than Open...because someone listening to the
unencrypted challenge and resultant encrypted response from CPE
-theoretically- would be able to figure out the key. So, as long as
MAC authorization is enabled and all of my real customers' MAC addresses are
in the list, I can confidentally use the Open method without fearing that
illegal users would be able to get on the network if they don't have the
key.
On Fri, 2003-10-10 at 14:37, Seeni Mohamed wrote:
Hi
Sevak,
I am sorry about that if I confused.
As you mentioned, if your APPOs are in "OPEN" with
WEP keys enabled, then the CPE without these WEP keys will not be able to
communicate each other.
Here is the table for the
various authentication TYPE can be used with our sB devices. Please
remember that Authentication will be valid only if WEP encryption
enabled.
smartbridges
CPE
|
smartbridges
Access
point
|
Encryption
|
Associate
|
PING
|
Open
|
Open
|
64/128
|
Y
|
Y
|
Shared
|
Shared
|
64/128
|
Y
|
Y
|
Shared
|
Open
|
64/128
|
N
|
N
|
Open
|
Shared
|
64/128
|
N
|
N
|
Open
|
Both
|
64/128
|
Y
|
Y
|
Shared
|
Both
|
64/128
|
Y
|
Y
|
Both
|
Both
|
64/128
|
Y
|
Y
|
Here is the
difference between OPEN and SHARED keys.
OPEN
During the OPEN
key authentication, the CPE sends only the request and AP response and
process request based on the WEP encryption. With this authentication,
they key will be hidden and not shared among the devices.
SHARED
During the shared key authentication, the access point sends an
unencrypted challenge text string to any device attempting to communicate
with the access point. The device requesting authentication encrypts the
challenge text and sends it back to the access point. If the challenge
text is encrypted correctly, the access point allows the requesting device
to authenticate.
Kind regards,
Seeni
sB Tech support
[EMAIL PROTECTED]
-----Original Message-----
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Sevak Avakians
Sent: Saturday, October 11,
2003 12:01 AM
To: [EMAIL PROTECTED]
Subject:
RE: [smartBridges] Auth question
Ok, I'm very confused by this authentication
thing now. I thought that OPEN meant that anyone without a matching
WEP key can connect and SHARED meant only those with a matching WEP key
can connect. But you are saying that OPEN means that they still need
a matching WEP key? Is this a typo? Does this mean if my APPOs
are in "OPEN" with WEP keys enabled, then customers without these WEP keys
will not be able to connect? If this is the case, then what's the
difference between OPEN and SHARED. Is it that the OPEN does not
bother encrypting after the first check to see if the CPE has the right
keys and SHARED always encrypts using those keys?
Please help a
lost soul!!!
Thanks,
Sevak
On Thu, 2003-10-09 at 15:16,
Seeni Mohamed wrote:
The AUTHENTICATION TYPE
option provided in the Advanced TAB for the purpose of WEP key encryption,
not for the wireless clients MAC authentication
OPEN SYSTEM allows any device to authenticate and
then attempt to communicate with the access point (null
authentication)
Using OPEN SYSTEM, any wireless device can
authenticate with the access point, but the device can only communicate if
its WEP keys match the access points.
Devices not using WEP do not
attempt to authenticate with an access point that is using WEP.
Best regards,
Seeni
sB Tech
support
[EMAIL PROTECTED]
-----Original Message-----
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Rick Kunze
Sent: Friday,
October 10, 2003 1:48 AM
To: [EMAIL PROTECTED]
Subject:
[smartBridges] Auth question
'scuse me if this has been covered, I just
joined.
Regarding an APPO, in the
Advanced tab under Authentication Type:
If one selects
OPEN SYSTEM, does that permit clients to associate even if
their mac address isn't in the Client Auth table, or is it that
they must
still be mac authorized yet are allowed if they don't
have the WEP key?
Thanks.
Rk
----------ANNOUNCEMENT----------
Don't forget to register for
WISPCON IV
http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm
The PART-15.ORG smartBridges Discussion
List
To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe
smartBridges <yournickname>
To Remove:
mailto:[EMAIL PROTECTED] (in the body type unsubscribe
smartBridges)
Archives: http://archives.part-15.org
|
