Posted: 07th Nov, 2003 By: MarkJ
The next-generation of broadband wireless LAN (Wi-Fi) security protocol, known as Wi-Fi Protected Access (WPA), has been found potentially susceptible to attack:
The issue involves the use of Use of Pre-Shared Key (PSK) as an alternative to 802.1X based key establishment, the approach preferred by corporate environments.
Pre-Shared Keying (PSK) is provided in the WPA and 802.11i standards to simplify deployments in small, low risk, networks. A PSK is a 256 bit number or a pass phrase eight to 63 bytes long.
Cryptographic weaknesses in PSK - particular when used in conjunction with simple pass phrases - mean attackers may be able to crack into systems through passive monitoring of wireless networks followed up by offline dictionary attacks. So the consumer-implementation of WPA is subject to the same kinds of shortcomings that afflicted the weak and broken WEP system, the industry's first (now rejected) stab at a security protocol for wireless networks.This will not go down well with Wi-Fi's many hotspot and local business site adopters. More @
The Register .