Log in
Register
Home
Forums
New posts
Search forums
What's new
New posts
New profile posts
Latest activity
News
Members
Current visitors
New profile posts
Search profile posts
Features
Log in
Register
Search
Search titles only
By:
Search titles only
By:
New posts
Search forums
Menu
Install the app
Install
Reply to thread
Home
Forums
Pro Audio
Junior Varsity
X-Air internal AP FUBARness
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Message
<blockquote data-quote="Sander Rooijens" data-source="post: 148468" data-attributes="member: 4896"><p>Re: X-Air internal AP FUBARness</p><p></p><p></p><p></p><p>That's what I said as well... WEP is easy to crack in both modes but "shared key" is worse than "open system".</p><p></p><p>A short explanation: If a wireless client is connecting to an access point it is going through a phase known as "association". With "shared key" it is not possible to associate with an access point unless you have the correct WEP key. To verify if the client has the correct key the AP sends an plaintext message to the client ("challenge") which the client the encrypts with its key and returns to the AP ("response"). Now the AP can verify if the client has the correct keys and accept or reject the association.</p><p></p><p>If an attacker can capture both the association challenge and response packets he now has the same packet twice: once unencrypted and once encrypted. This makes it very easy to break the encryption by comparing the two since it is known that the actual data inside is the same.</p><p></p><p>With "open system" a client is allowed to associate with an access point whether it has the right keys or not. (during the association phase there's no key exchange)</p><p>When you're actually trying to transmit data however, the AP will not be able to decrypt the packets if the keys don't match so they will be discarded. Effectively, even though you're associated, you do not have a working network connection unless you have the correct keys. </p><p></p><p>Because there's no challenge/response that can be captured and directly compared this is harder to crack. The disadvantage is that an AP can get associations from clients that have no working connection but still take up some processing time and bandwidth from that AP.</p><p></p><p>There are other security flaws in WEP that can be exploited in either mode however.</p><p>Any device that is designed less than 10 years ago really should support WPA2 or at least WPA.</p><p></p><p>S.R.</p></blockquote><p></p>
[QUOTE="Sander Rooijens, post: 148468, member: 4896"] Re: X-Air internal AP FUBARness That's what I said as well... WEP is easy to crack in both modes but "shared key" is worse than "open system". A short explanation: If a wireless client is connecting to an access point it is going through a phase known as "association". With "shared key" it is not possible to associate with an access point unless you have the correct WEP key. To verify if the client has the correct key the AP sends an plaintext message to the client ("challenge") which the client the encrypts with its key and returns to the AP ("response"). Now the AP can verify if the client has the correct keys and accept or reject the association. If an attacker can capture both the association challenge and response packets he now has the same packet twice: once unencrypted and once encrypted. This makes it very easy to break the encryption by comparing the two since it is known that the actual data inside is the same. With "open system" a client is allowed to associate with an access point whether it has the right keys or not. (during the association phase there's no key exchange) When you're actually trying to transmit data however, the AP will not be able to decrypt the packets if the keys don't match so they will be discarded. Effectively, even though you're associated, you do not have a working network connection unless you have the correct keys. Because there's no challenge/response that can be captured and directly compared this is harder to crack. The disadvantage is that an AP can get associations from clients that have no working connection but still take up some processing time and bandwidth from that AP. There are other security flaws in WEP that can be exploited in either mode however. Any device that is designed less than 10 years ago really should support WPA2 or at least WPA. S.R. [/QUOTE]
Insert quotes…
Verification
Post reply
Home
Forums
Pro Audio
Junior Varsity
X-Air internal AP FUBARness
Top
Bottom
Sign-up
or
log in
to join the discussion today!