WPA supported by 802.11-B ??? - need better understanding of what layer

I've looked at alot of wireless 802.11b devices; usb & pci mostly.

none that I've seen indicate wpa support.

CAN wpa be used over 802.11b ?
I didn't think the encryption had anything to do with the IEEE
specification.

Isn't wpa simply a matter of support by the driver / OS ?
(and of course the WAP).

seems to me this is how it would have to work for an 802.11b device to
talk to a wpa enabled 802.11g device... RIGHT?

tia - Bob

Bob <(E-Mail Removed)> wrote:
> I've looked at alot of wireless 802.11b devices; usb & pci mostly.
>
> none that I've seen indicate wpa support.
>
> CAN wpa be used over 802.11b ?
> I didn't think the encryption had anything to do with the IEEE
> specification.
>
> Isn't wpa simply a matter of support by the driver / OS ?
> (and of course the WAP).

Yes.
Not all cards/OS/... support WPA.
Some makers have announced plans to roll out wpa over their older cards.
Some makers lie.

Bob <(E-Mail Removed)> writes:
> I've looked at alot of wireless 802.11b devices; usb & pci mostly.
>
> none that I've seen indicate wpa support.
>
> CAN wpa be used over 802.11b ?

Yes, it can. D-Link has WPA drivers for its B-only cards. As does
Proxim/Orinoco.

> I didn't think the encryption had anything to do with the IEEE
> specification.
>
> Isn't wpa simply a matter of support by the driver / OS ?
> (and of course the WAP).

Yes I believe that's correct.

> seems to me this is how it would have to work for an 802.11b device to
> talk to a wpa enabled 802.11g device... RIGHT?

I can't recall completely, but I'm not sure if it's a marketing reason
or some technical chipset reasons why we're seeing WPA in the 11g
hardware first. But, WPA over 11b is possible and some manufacturers
have implemented the support in their drivers.

--
Todd H.
http://www.toddh.net/

>Some makers have announced plans to roll out wpa over their older cards.
>Some makers lie.

Some people say WPA is no more secure then WEP.
Some people say no one is going to bother to decrypt private wifi traffic.
You need to set up MAC filtering and monitor / log users to prevent someone
logging on to your LAN.
Basically wifi is inherently insecure.
I say the best security is to try to limit the signal to your property.
Regards,
Martin

On Wed, 31 Dec 2003 02:37:54 -0000, "Martin²"
<(E-Mail Removed)> wrote:

>>Some makers have announced plans to roll out wpa over their older cards.
>>Some makers lie.
>
>Some people say WPA is no more secure then WEP.
>Some people say no one is going to bother to decrypt private wifi traffic.
>You need to set up MAC filtering and monitor / log users to prevent someone
>logging on to your LAN.
>Basically wifi is inherently insecure.
>I say the best security is to try to limit the signal to your property.
>Regards,
>Martin
>

tx to Ian for his reply;

Martin - wow; that's the first time I've heard anyone say wpa is no
better than wep!!

not that I would argue against mac filtering - that's a good
practice...

but from all that I've heard, wpa IS supposed to be darn good;
after-all the government uses aes !

Bob

On 30 Dec 2003 09:54:24 -0600, (E-Mail Removed) (Todd H.) wrote:

>Bob <(E-Mail Removed)> writes:
>> I've looked at alot of wireless 802.11b devices; usb & pci mostly.
>>
>> none that I've seen indicate wpa support.
>>
>> CAN wpa be used over 802.11b ?
>
>Yes, it can. D-Link has WPA drivers for its B-only cards. As does
>Proxim/Orinoco.
>
>> I didn't think the encryption had anything to do with the IEEE
>> specification.
>>
>> Isn't wpa simply a matter of support by the driver / OS ?
>> (and of course the WAP).
>
>Yes I believe that's correct.
>
>> seems to me this is how it would have to work for an 802.11b device to
>> talk to a wpa enabled 802.11g device... RIGHT?
>
>I can't recall completely, but I'm not sure if it's a marketing reason
>or some technical chipset reasons why we're seeing WPA in the 11g
>hardware first. But, WPA over 11b is possible and some manufacturers
>have implemented the support in their drivers.

Todd;
tx much for your reply - it made sense to me; but I just wasn't seeing
much on the (b) lines....

Bob

In article <6PqIb.6976$(E-Mail Removed)>, Martin² wrote:

> Some people say WPA is no more secure then WEP.

Anyone who would tell you that has nothing more than a superficial
understanding (or no real understanding at all) of the cryptologic
issues involved. Yes, WAP is definately insecure. But WPA is secure
so long as you choose a passphrase that is not subject to a dictionary
attack and so long as you have your session key rotated frequently
enough. So choose your WPA passphrase wisely and set your key rotation
interval to a "reasonable" value.


> Basically wifi is inherently insecure.

All forms of communication are basically insecure until they are
explicitly secured.

(E-Mail Removed) writes:

> In article <6PqIb.6976$(E-Mail Removed)>, Martin² wrote:
>
> > Some people say WPA is no more secure then WEP.
>
> Anyone who would tell you that has nothing more than a superficial
> understanding (or no real understanding at all) of the cryptologic
> issues involved.

Agreed.

> Yes, [WEP] is definately insecure. But WPA is secure so long as you
> choose a passphrase that is not subject to a dictionary attack and
> so long as you have your session key rotated frequently enough. So
> choose your WPA passphrase wisely and set your key rotation interval
> to a "reasonable" value.

Correct.

This fallacious notion of WPA being "no more secure than WEP" is
likely the superficial conclusion drawn from the fact that if you have
a weak/short WPA pre-shared key, that a dictionary attack against the
key can be done reasonably quickly. Solution: choose a long random
PSK and the issue goes away.

Weakness in Passphrase Choice in WPA Interface
http://wifinetnews.com/archives/002452.html

WEP on the other hand can be programatically cracked without a brute
force dictionary attack because the weakness of RC4's key scheduling
and the use of Initial VEctors (IV's) that leak information about the
key. Furthermore, there's freely downloadable software (Airsnort)
that kindly implements the elegant Fluhrer, Mantin, ans Shamir (FMS)
attack for you. That's a horse of quite another color.

> > Basically wifi is inherently insecure.
>
> All forms of communication are basically insecure until they are
> explicitly secured.

Well said.

Best Regards,
--
Todd H.
http://www.toddh.net/

On Wed, 31 Dec 2003 19:11:12 GMT, (E-Mail Removed) wrote:

>In article <6PqIb.6976$(E-Mail Removed)>, Martin² wrote:
>
>> Some people say WPA is no more secure then WEP.
>
>Anyone who would tell you that has nothing more than a superficial
>understanding (or no real understanding at all) of the cryptologic
>issues involved. Yes, WAP is definately insecure. But WPA is secure
>so long as you choose a passphrase that is not subject to a dictionary
>attack and so long as you have your session key rotated frequently
>enough. So choose your WPA passphrase wisely and set your key rotation
>interval to a "reasonable" value.
>
>
>> Basically wifi is inherently insecure.
>
>All forms of communication are basically insecure until they are
>explicitly secured.

I suppose I would also add:

THERE ARE NO SECRETS!!!

;-)

Bob

On 31 Dec 2003 14:23:11 -0600, (E-Mail Removed) (Todd H.) wrote:

>(E-Mail Removed) writes:
>
>> In article <6PqIb.6976$(E-Mail Removed)>, Martin² wrote:
>>
>> > Some people say WPA is no more secure then WEP.
>>
>> Anyone who would tell you that has nothing more than a superficial
>> understanding (or no real understanding at all) of the cryptologic
>> issues involved.
>
>Agreed.
>
>> Yes, [WEP] is definately insecure. But WPA is secure so long as you
>> choose a passphrase that is not subject to a dictionary attack and
>> so long as you have your session key rotated frequently enough. So
>> choose your WPA passphrase wisely and set your key rotation interval
>> to a "reasonable" value.
>
>Correct.
>
>This fallacious notion of WPA being "no more secure than WEP" is
>likely the superficial conclusion drawn from the fact that if you have
>a weak/short WPA pre-shared key, that a dictionary attack against the
>key can be done reasonably quickly. Solution: choose a long random
>PSK and the issue goes away.
>
> Weakness in Passphrase Choice in WPA Interface
> http://wifinetnews.com/archives/002452.html
>
>WEP on the other hand can be programatically cracked without a brute
>force dictionary attack because the weakness of RC4's key scheduling
>and the use of Initial VEctors (IV's) that leak information about the
>key. Furthermore, there's freely downloadable software (Airsnort)
>that kindly implements the elegant Fluhrer, Mantin, ans Shamir (FMS)
>attack for you. That's a horse of quite another color.
>
>> > Basically wifi is inherently insecure.
>>
>> All forms of communication are basically insecure until they are
>> explicitly secured.
>
>Well said.
>
>Best Regards,

I'm very glad to hear the support for wpa;
I too was convinced that it was a worthy cryptographic protocol (again
- agreed that a GOOD psk is used).

I also knew of the programatic fault in wep, and started wondering if
there wasn't one in wpa after reading that reply. After some research,
I'm glad to say my confidence is renewed....

Bob