You were the one that said "pre-shared keys". I just asked - "what do you think certificates use?" since you say they are so much better than pre-shared keys.
I don't need to go and look up "session hijacking"- because that won't answer my question to you. Cheers Ken > -----Original Message----- > From: Mike French [mailto:[EMAIL PROTECTED] > Sent: Tuesday, 1 July 2008 11:15 PM > To: NT System Admin Issues > Subject: RE: WiFi setup > > I didn't say it couldn't be cracked, but 802.1x with certificates is not > currently exploitable in the same way WPA/WPA2 shared keys are. "session > hijacking" - Do a little research.... > > -----Original Message----- > From: Ken Schaefer [mailto:[EMAIL PROTECTED] > Sent: Tuesday, July 01, 2008 1:05 AM > To: NT System Admin Issues > Subject: RE: WiFi setup > > Um, how do you think certificates work? They use public/private key > technology to exchange a symmetric key pair. Given enough time and > processing power you can break any TLS based encryption mechanism as > well :-) > > Cheers > Ken > > > -----Original Message----- > > From: Mike French [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, 1 July 2008 7:09 AM > > To: NT System Admin Issues > > Subject: RE: WiFi setup > > > > If you are forced to WPA/WPA2 use a Max length pass phrase with > > randomized Upper lower, Numbers, Special Characters (you know the > > drill). It might take the sting out of the crackers.... Anything with > > pre-shared keys is crackable given enough time and processor power. I > > don't think 802.1x with Radius is susceptible, provided you are using > > certificates. > > > > > > -----Original Message----- > > From: Marc Maiffret [mailto:[EMAIL PROTECTED] > > Sent: Monday, June 30, 2008 3:04 PM > > To: NT System Admin Issues > > Subject: RE: WiFi setup > > > > You shouldn't have any problems then. It is more of a track record on > > WEP/WPA and related that is to worry about, but you can always handle > > that when the time comes. Currently the only WPA2 that can be cracked > is > > that which uses pre-shared keys. > > > > Marc Maiffret > > Founder/CEO > > Invenio Security > > Security Services & Training > > http://www.inveniosecurity.com > > > > > > > -----Original Message----- > > > From: Chyka, Robert [mailto:[EMAIL PROTECTED] > > > Sent: Monday, June 30, 2008 12:35 PM > > > To: NT System Admin Issues > > > Subject: RE: WiFi setup > > > > > > We have cisco 440r controllers and a acs appliance. We use WPA2 > with > > > 8021.X for authentication against our active directory.. > > > > > > -----Original Message----- > > > From: "Carl Houseman" <[EMAIL PROTECTED]> > > > To: "NT System Admin Issues" <ntsysadmin@lyris.sunbelt-software.com> > > > Sent: 6/30/08 3:17 PM > > > Subject: RE: WiFi setup > > > > > > I wouldn't worry about separate IPSEC if your Wi-Fi hardware > supports > > > WPA2 and uses a 802.1x (Radius server) for client authentication. > > > > > > In fact, if you go for 802.11n, you're required to use WPA2 to get > the > > > "n" throughput boost. > > > > > > Carl > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~