I didn't say it couldn't be cracked, but 802.1x with certificates is not currently exploitable in the same way WPA/WPA2 shared keys are. "session hijacking" - Do a little research....
-----Original Message----- From: Ken Schaefer [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 01, 2008 1:05 AM To: NT System Admin Issues Subject: RE: WiFi setup Um, how do you think certificates work? They use public/private key technology to exchange a symmetric key pair. Given enough time and processing power you can break any TLS based encryption mechanism as well :-) Cheers Ken > -----Original Message----- > From: Mike French [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 1 July 2008 7:09 AM > To: NT System Admin Issues > Subject: RE: WiFi setup > > If you are forced to WPA/WPA2 use a Max length pass phrase with > randomized Upper lower, Numbers, Special Characters (you know the > drill). It might take the sting out of the crackers.... Anything with > pre-shared keys is crackable given enough time and processor power. I > don't think 802.1x with Radius is susceptible, provided you are using > certificates. > > > -----Original Message----- > From: Marc Maiffret [mailto:[EMAIL PROTECTED] > Sent: Monday, June 30, 2008 3:04 PM > To: NT System Admin Issues > Subject: RE: WiFi setup > > You shouldn't have any problems then. It is more of a track record on > WEP/WPA and related that is to worry about, but you can always handle > that when the time comes. Currently the only WPA2 that can be cracked is > that which uses pre-shared keys. > > Marc Maiffret > Founder/CEO > Invenio Security > Security Services & Training > http://www.inveniosecurity.com > > > > -----Original Message----- > > From: Chyka, Robert [mailto:[EMAIL PROTECTED] > > Sent: Monday, June 30, 2008 12:35 PM > > To: NT System Admin Issues > > Subject: RE: WiFi setup > > > > We have cisco 440r controllers and a acs appliance. We use WPA2 with > > 8021.X for authentication against our active directory.. > > > > -----Original Message----- > > From: "Carl Houseman" <[EMAIL PROTECTED]> > > To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> > > Sent: 6/30/08 3:17 PM > > Subject: RE: WiFi setup > > > > I wouldn't worry about separate IPSEC if your Wi-Fi hardware supports > > WPA2 and uses a 802.1x (Radius server) for client authentication. > > > > In fact, if you go for 802.11n, you're required to use WPA2 to get the > > "n" throughput boost. > > > > Carl ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~