Re: F12 EEEPC 1000H WLAN with hidden SSID no go

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Robert Moskowitz <rgm@xxxxxxxxxxxxxxx> writes:
> Actually WPA2 with 802.1X authentication is REALLY tight.  No MITM
> will crack EAP TLS (EAP TLS is a little different than the TLS used in
> the most recent attack).  Then use AES CCMP (not TKIP).

And there we have the real way in protecting a wifi access point: turn
off WEP, WPA (v1), and TKIP (under WPA2).  Leave only WPA2 and CCMP.
Then let the computer choose a 64-bit hex number for the shared key.

Too bad the good advice is always drowned out by the hordes that claim
hiding SID's and changing port number on ssh are the way to get
security.  (For ssh turn off everything but RSA and DSA -- this way the
computer chooses a strong "password" (really a secret key) for you.)

> Of course your management frames are not protected.  That is 802.11w
> that will soon be in products....
>
> BTW, I worked on the 802.11 standards.  I use past tense, as in June
> my management had me move over to work on 802.15 standards. (I was in
> Atlanta last week for the 802 meeting).

Thank you for speaking up!  Will the new protocols require any HW
support or are they drop-in replacements on current wifi nodes?  Will
all the packets now be cryptographically protected?

-wolfgang
-- 
Wolfgang S. Rupprecht
If the airwaves belong to the public why does the public only get 3
non-overlapping WIFI channels?

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux