So WPA is the WEP flaw cure eh?

ktwebb

Platinum Member
Nov 20, 1999
2,488
1
0
"The longer summary: If you use the standard interface for WPA key entry and provide a text passphrase that uses words found in dictionaries of fewer than 20 characters, a cracker passively intercepting initial key exchange messages can employ an offline dictionary attack and extract the encryption key, gaining access to the network."

WPA flaw

As a note, it's a problem easily solved by the user implementing the passphrase. I just thought it funny that WPA was supposed to be the end all answer, and still is relatively speaking, but has such a weak front end flaw.
 

RagingBITCH

Lifer
Sep 27, 2003
17,618
2
76
"The shorter summary: Short, text-based WPA keys can be broken through no fault in the WPA protocol."

Security in general seems to only benefit the knowledgeable anyway, never the lazy nor ignorant. There are still people who only have 40bit encryption on their browsers, use their check card for online purchases, etc etc and those are the types of people who will be affected by this WPA flaw.

Don't get me wrong, I see your point and totally agree with you, (not trying to start a flame war by any means) but it's just user laziness in this case. People would rather use the word "mydog" than "A0167fd6c8b9e31d45ca10b94d" for a 128bit key (used WEP as an example) since it's easier to type that into 3 wireless computers on their network.
 

ktwebb

Platinum Member
Nov 20, 1999
2,488
1
0
"I see your point and totally agree with you, (not trying to start a flame war by any means)"

Nothing to agree with. Wasn't making a point really. The test you wrapped from my post was merely a quote from the Linked article. Just providing some info. Lazy or not, I doubt all that many people would have created pass phrases better than 20 characters if this flaw wasn't exposed.
 

ktwebb

Platinum Member
Nov 20, 1999
2,488
1
0
Yep. It's still a much better solution. I just thought it was a bit comical after the whole WEP debacle, that they would have overlooked this seemingly elementary flaw.
 

Matthias99

Diamond Member
Oct 7, 2003
8,808
0
0
This "flaw" (vulnerability to dictionary attacks) exists with basically every password-based security scheme. This is not *really* a problem specific to WPA.
 

aka1nas

Diamond Member
Aug 30, 2001
4,335
1
0
What's so bad about using check cards for online purchases? Other than that it links to your checking account?
 

gunrunnerjohn

Golden Member
Nov 2, 2002
1,360
0
0
Originally posted by: aka1nas
What's so bad about using check cards for online purchases? Other than that it links to your checking account?
Do you really want someone "linking" to your checking account?

Remember, there is no protection for fradulent transactions with check cards like there is with credit cards. I've never paid a dime to a credit card company for bogus transactions, but I know a family that lost several thousand from their checking account when their check card was compromised. The never got the money back...
 

buleyb

Golden Member
Aug 12, 2002
1,301
0
0
Yeah, secured Credit Cards are held to federal law governing fraud, Debit cards aren't, and neither are many cheap "we don't care about your credit history" unsecured credit cards.

As far as WPA goes, its a good solution for those that want more security. I like the idea of AES hardware based WPA, and constant key exchange, but lets up WPA hardware today works with the ratified WPA in the future.

Still, many people are mix/matching their network, between WEP and WPA hardware, which is a recipe for a hole...

Bring on the ratification of 802.11i