Archived from groups: alt.internet.wireless
gary wrote:
> "Michael Schmidt" <NOSPAM_schmidt@nue.et-inf.uni-siegen.de> wrote in message
> news:2mu8dvFqt2deU1@uni-berlin.de...
>
>>Hi,
>>
>>sam1967@hetnet.nl wrote:
>>
>>>I just read that - paradoxically - Open system is more secure than
>>>Shared Key because the Shared Key can be sniffed and cracked (if you
>>>pardon the expression).
>>>
>>>I am setting up a small home system and would assume that Shared Key
>>>is a better option as it would prevent the next door neighbour (who is
>>>almost certainly not a hacker capable of sniffing and entering) from
>>>associating to the network.
>>>
>>>Any thoughts on which is best for a small network?
>>
>>"Open System" is actually no authentication at all. "Shared Key" on all
>>WEP adapters (i.e. before "Wireless Protected Access" - WPA and probably
>>TKIP) is an authentication that exposes a clean text / cipher text pair
>>to an eavesdropper that can be used to help in subsequent attacks.
>>For that reason, most current (i.e. before WPA) adapters do not
>>implement the shared key message exchange anymore at all (even if shared
>>key is configured). WEP adapter producers realized after some time that
>>shared key authentication does more harm than it helps. In this case,
>>the shared key is only used as payload encryption key, but not as
>>authentication key.
>
>
> Do you mean these vendors no longer offer shared-key authentication as an
> option? That sounds plausible. But if they continue to offer shared-key
> authentication as a configuration option, how do they get away with simply
> not implementing it? The standard defines exactly what these options mean,
> and if you allow a user to select shared-key auth but don't implement it,
> you are violating the standard. It's not like SSID hiding, which can be viewed
> as a proprietary tweak to the standard - here, you are claiming to do
> something which you are not doing. I don't see how such a vendor could get
> certification, although I suppose it's possible the test suites don't cover
> authentication.

I don't know about the latest status of the WEP-only cards - if there is
a relevant latest status at all:
The latest WLAN security standard is 802.11i (I guess there are no cards
available which are certified for it yet), and before there was WPA
(many current cards support it), which is a close subset of 802.11, and
before WPA there was TKIP, which is a subset of WPA.
802.11i and WPA and TKIP (I guess TKIP calls this feature the same)
offer PreShared Key (PSK) authentication, which is no longer exposed to
the WEP shared key authentication security problem. These cards have
been out for at least one year now, so that all current cards should
support secure shared key authentication.
Other than that, I wouldn't rely too strictly on the fact that an
adapter that claims to be 802.11-compatible supports all mandatory
features of the standard. I guess certified cards will do.
Michael
--
===========================================
Michael Schmidt
-------------------------------------------
Institute for Data Communications Systems
University of Siegen, Germany
-------------------------------------------
http://www.nue.et-inf.uni-siegen.de
e-mail: schmidt@nue.et-inf.uni-siegen.de
mobile: +49 179 7810214
===========================================
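
The clear text / cipher text pair mentioned in the thread, modelled as an added example that is not part of the original posts: it shows why the WEP Shared Key exchange hands a passive listener the RC4 keystream for the IV used, while Open System authentication sends no such pair. Assumptions: the key, IV and challenge are constructed sample values, the function names are hypothetical, and the encrypted frame body is simplified to the challenge text plus its CRC-32 ICV.

```python
import struct
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def with_icv(body: bytes) -> bytes:
    """WEP appends a CRC-32 integrity check value before encrypting."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def observed_exchange(wep_key: bytes, challenge: bytes, iv: bytes):
    """Model what is on the air during Shared Key authentication:
    the challenge in the clear, then the IV in the clear with the
    challenge encrypted under RC4(IV || key)."""
    plain = with_icv(challenge)
    ks = rc4_keystream(iv + wep_key, len(plain))
    ciphertext = bytes(p ^ k for p, k in zip(plain, ks))
    return challenge, iv, ciphertext


def leaked_keystream(challenge: bytes, ciphertext: bytes) -> bytes:
    """XOR of the two observed frames. No key is needed for this step,
    which is the exposure described in the thread."""
    return bytes(p ^ c for p, c in zip(with_icv(challenge), ciphertext))


if __name__ == "__main__":
    key = bytes.fromhex("0a0b0c0d0e")         # constructed 40-bit WEP key
    iv = bytes.fromhex("010203")              # constructed IV
    seen = observed_exchange(key, bytes(range(128)), iv)
    ks = leaked_keystream(seen[0], seen[2])
    print(len(ks), ks == rc4_keystream(iv + key, len(ks)))
```

The recovered bytes match what the key holder generates for that IV, which is why disabling the Shared Key exchange, or moving to WPA-style PSK authentication as the post suggests, removes this exposure.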