PDA

Click to See Complete Forum and Search --> : WPA defend against rf sniffers?

BobY777
11-01-2004, 08:54 AM
I know WPA is better then WEP, and it helps keep people from authenticating onto a wireless network.

Am I also correct in thinking that it also helps thwart rf sniffing (where hackers don't even try to authenticate in)? They are just trying to capture information passing through the airwaves, from someone else who has authenticated in?

Does it do this by rotating the encryption key, so that by the time a hacker figured out the key, the encryption is changed to something else?

Any one best wireless PC card to use for WPA? I was looking at Proxim (the b/g card), but it doesn't seem to be capable of WPA. Only can be updated later I think, when they come out with some kind of upadated hardware. They don';t say much about it. So it seems that not all wireless card makers are ready yet for WPA?

Thanks,
golfnut
11-01-2004, 12:30 PM
Hi Bob,

WPA changes the encryption keys so often, it makes it difficult to decipher the key to associate with an AP and gain access to the network.

It's probably not a good idea to implement WPA on a Public network because you have to tell people the shared key and then there's the issue of configuration and compatibility.

T-Mobile is offering the same thing now (802.1x) at Starbucks and to solve the configuration issue, you need to download their software.

If this is in a business environment, WPA is the best available and there are a few APs on the market with built-in RADIUS authentication (DLink & Zyxel). Yes, no server needed but MD5 authentication which XP doesn't support.

Greg
BobY777
12-06-2004, 09:06 AM
Hi Greg:

Thank you.

Are you saying that WPA needs a radius server to operate? Or is that one way to use WPA?

I'm not sure what MD5 authentication is.

Thanks
golfnut
12-06-2004, 11:12 AM
Hi Bob,

WPA-PSK (Pre Shared Key) does not need a server to authenticate a user. In this mode, the AP will constantly change or shuffle the encryption key amongst associated clients making it hard to sniff and decipher.

802.1x WPA requires a server to authenticate. In this mode, the server genreates the encryption key and sends it to the AP for use during client association. This method adds an additional layer of security by authenticating a username and password.

The APs with built-in authentication (Zyxel and DLink that I know of), uses a method called MD5 for securing the username and password handshake (search google for more info on MD5).

It's not the most secure method of authentication and XP doesn't support it, meaning you would need to install a supplicant to use it.

Greg
BobY777
12-06-2004, 12:35 PM
Thank you Greg.