
Re: How to get onto the IETF authenticated LAN?

2010-07-28 03:09:43

  The IETF 78 LAN is using 802.1X (w/EAP) for authentication. The
wpacracker only works if the AP is doing PSK authentication.

  These things seem to get propagated because people punt the hard
problems with statements like "well the PSK is required to be a
uniformly random 128 bit string and if you don't configure it that
way it's your own damned fault." And IETF is not blameless in this
regard.

  But to answer your other question, this is being addressed in IEEE
802.11 by adding another PSK-based authentication technique using a
zero knowledge proof. Coming soon to an AP near you!

  Dan.

On Tue, July 27, 2010 8:08 am, Phillip Hallam-Baker wrote:
Will hack for food gets more professional. Anyone want to try it out
for me on the IETF 78 LAN?

http://www.wpacracker.com/faq.html

It seems doubtful to me that this would work against a really well
deployed network. But the fact that WPA2 can be deployed in dufus
configuration should be considered a major protocol flaw. WPA2 was
after all the fourth attempt the group made at making the protocol
secure.

It is not at all clear to me what level of expertise is required to do
the job right or how to be confident that it is done right.


The endpoints used in these protocols all have the ability to perform
public key cryptography at acceptable speeds. Even if they did not,
the price of 64Mb of flash memory is negligible these days and that is
sufficient to store more than enough keys to maintain tens of
thousands of session keys in the access point.

We have the resources and the technology to do the job right. Why do
we keep doing half measures that we know are wrong?

I know this particular issue is an IEEE funeral, but isn't there a
point where others decide to take responsibility?

--
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf



