TechTarget

Use authentication servers to beat WPA flaw

Analysts have advised users to use authentication servers if they want to secure their wireless networks, following revelations...

Analysts have advised users to use authentication servers if they want to secure their wireless networks, following revelations about insecurities in Wi-Fi standards.

The flaw in the Wi-Fi Protected Access (WPA) standard was highlighted in a research paper published on 4 November by Trusecure senior technical director Robert Moscovitch.

The flaw allows intruders to crack passphrases of less than 20 characters via an offline dictionary attack - where a hacker takes the password file from the server then cracks it with dictionary software.

Stan Schatt, an analyst with Giga, said, "The problem is that suppliers do not provide an easy-to-use tool with which to generate and manage 20-character passphrases."

Schatt said it was impractical for companies to rely on WPA for security and that they must use authentication servers for 802.1x security.

WPA was unveiled in late-2002 as a replacement for WEP (Wired Equivalent Privacy), the existing, but flawed, basic wireless security method.

Where WEP uses a predictable static key, WPA uses integrity checking protocols for its encryption. If, however, users employ short text-based keys, these can be cracked and it is recommended that complex keys with random characters are used to foil dictionary analysis.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close