Aaron Swartz | 4 | 11-04-2002 11:29 AM ET (US)

Ugh, when will these people get a clue?
If past experience is anything to judge by, their new authentication system will be riddled with cryptographic holes. But even if it isn't, it doesn't sound like this fixes the fundamental problem that if you ever need to change the password to your network, you have to tell everyone the new password at once, which is basically impossible in the real world.
Why can't they just use well-tested public key encryption, like everyone else? For authentication, you simply keep a list of public keys allowed on the network.

roadknight | 3 | 10-31-2002 04:44 PM ET (US)

Edited by author 10-31-2002 04:46 PM
At best this is "VPNs for business, WEP renamed for the home". More likely, it's just warmed-over WEP for both.
"Automatically distributing special encryption keys" isn't impossible. Linux FreeS/WAN and SSH do this, first during the initial connection and then periodically throughout the life of the connection. Something tells me that they (WFA) will fuck it up though. Nowhere in all this fluff do I see any REAL change WRT the short-IV bug in WEP.

robertl30 | 2 | 10-31-2002 02:53 PM ET (US)

You use per-session WEP keys distributed by, what else, a key management server. Read up on Cisco's LEAP technology which forms the foundation of the WEP replacement: 802.11i. 802.11i fixes everything. Really. I read it in Cisco's marketing materials.

jleader | 1 | 10-31-2002 02:29 PM ET (US)

How exactly do you "automatically distribute special encryption keys" in a corporate environment? Does it use some pre-existing network authorization scheme? I mean, somehow my laptop has to be given something to say that it's allowed on the network, right?
It sounds like at least in the home environment they're using a short password to generate longer encryption keys, which defeats the point of using a long key in the first place. Don't most WEP implementations already support ASCII pass-phrases in place of hex keys?
Also, why do they think that in a home network "there are no network servers"? What about all those SOHO AP/firewall/switch/print server boxes?
And of course all WPA devices are going to have to interoperate with existing WEP devices, anyway.
I suspect this is just a name change and hand-waving to try to dispel the FUD about how wireless is so insecure. I'm sure we'll start seeing press releases about how WPA prevents the evils of war-driving and war-chalking any day now.
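
The point raised above about a short password being stretched into a longer key, as an added example that is not part of the thread: it measures how many distinct 256-bit keys such a scheme can actually produce. PBKDF2-HMAC-SHA1, the salt, the iteration count and the 3-digit passphrase are assumptions chosen for illustration; the thread does not name the derivation function.

```python
import hashlib
import math
from itertools import product


def derive_key(passphrase: str, salt: bytes, iterations: int = 4096) -> bytes:
    """Stretch a passphrase into a 256-bit key.

    PBKDF2-HMAC-SHA1 is an assumed stand-in for "password in, long key out".
    """
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), salt, iterations, dklen=32
    )


def effective_bits(alphabet_size: int, length: int, key_bits: int = 256) -> float:
    """Strength of the derived key: capped by the passphrase space,
    and never larger than the nominal key length."""
    return min(float(key_bits), length * math.log2(alphabet_size))


def reachable_keys(alphabet: str, length: int, salt: bytes, iterations: int) -> dict:
    """Map every key the scheme can ever output to the passphrase behind it."""
    keys = {}
    for chars in product(alphabet, repeat=length):
        passphrase = "".join(chars)
        keys[derive_key(passphrase, salt, iterations)] = passphrase
    return keys


if __name__ == "__main__":
    SALT = b"example-network"  # constructed value, e.g. a network name
    ITERATIONS = 64            # kept low so the demo finishes quickly

    key = derive_key("407", SALT, ITERATIONS)  # constructed passphrase
    table = reachable_keys("0123456789", 3, SALT, ITERATIONS)

    print(f"nominal key length : {len(key) * 8} bits")
    print(f"keys the scheme can produce: {len(table)}")
    print(f"3 digits           : {effective_bits(10, 3):.1f} bits")
    print(f"20 printable ASCII : {effective_bits(95, 20):.1f} bits")
    print(f"64 hex digits      : {effective_bits(16, 64):.1f} bits")
    print(f"key maps back to passphrase: {table[key]!r}")
```

Raising the iteration count makes each derivation slower but does not add keys to the table; only a longer or more varied passphrase does.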