Yes, TKIP cannot be relied upon. The PSK isn't widely publicised,
although it can't be assumed to be private. It's only given out to
people who have paid for the games console service, authenticated and
registered their console.

I don't pretend for a second that this is a high-security solution, but
it's all that the games consoles can do. It's a little better than using
an open network, though.

On 11/24/2010 07:41 PM, heath.barnhart wrote:

Wasn't TKIP broken recently? Don't remember for sure, but if it has, and
your PSK is public, then what security do you have?

Heath

On 11/24/2010 10:34 AM, Jonathan Gazeley wrote:

Hi Bruce,

We want to discourage use of the PSK network as much as possible. If
it's too easy to use, people will probably start using their laptops
with this instead of with the 802.1x network.

An open network doesn't provide any barrier to entry, nor any
encryption. Joe Public can wander past a student hall and sniff
traffic, which may be personal/sensitive since lots of games consoles
can now be used for Facebook, online purchases of Xbox points, etc.

Using a widely-known PSK is not ideal, but it helps. It keeps outsiders
off, stops trivial sniffing of packets. Using TKIP, even if two users
are authenticated with the same key, they won't be able to read each
other's traffic in the clear.

I also think it's pretty confusing if we are doing MAC authentication
for registered consoles on an otherwise open network - it might look
broken for users and cause confusion.

Cheers,
Jonathan

On 24/11/10 12:15, Osborne, Bruce W wrote:

Jonathan,

We are just starting our migration from open/NAC network to 802.1x
with NAC.

For non-802.1X devices, what do you see as the advantages of WPA2-PSK
with a widely known key instead of open?

Obviously there is more work involved supporting the PAS, especially
when the key is changed.

Thanks,

Bruce Osborne
Wireless Design Engineer
Liberty University

-----Original Message-----
From: Jonathan Gazeley
Sent: Tuesday, November 23, 2010 5:40 AM
Subject: Re: WPA2 Key Sharing

Hi Mike,

We use a WPA2-802.1x network wherever possible, but we do provide a
WPA2-PSK network for use with games consoles in halls of residence.

We built a home-grown system where a user has to register the MAC
address of their console in our web interface. The MAC is validated and
the user is given the WPA2 key on their screen. Only registered MAC
addresses can connect to the SSID.

We change the key once per academic year, since the vast majority of
students live in halls for just one year so it causes minimal
inconvenience to users.

Cheers,
Jonathan

----------------------------
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless & VPN Team
Information Services
University of Bristol
----------------------------

On 18/11/10 20:46, Hanson, Mike wrote:

Hello,

For those of you using WPA2 personal encryption on your wireless
network, how do you provide the encryption key to your end users? And
how often do you change the key?

Thank you for your input.

Mike Hanson
Network Security Manager
The College of St. Scholastica
Duluth, MN 55811
********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********