Auditing Wi-Fi Protected Access (WPA) Pre-Shared Key Mode
This article examined some of the vulnerabilities within WEP and WPA and provides the tools and method for auditing WPA pre-shared key mode passphrases. To do this, we examined the framework and flaws in WEP and reviewed the risks associated with using WPA-PSK passphrases of less than 20 characters. It has been demonstrated that although the method to crack the WPA-PSK is not trivial, it also is not beyond the reach of an average Linux user. Home users can lessen their security risks by using a passphrase significantly greater than 20 characters or, alternatively, by using WPA-Enterprise and incorporating an authentication server. Corporate users should implement an authentication server, use per-user keying and refrain from implementing WPA in PSK mode.
Resources for this article: /article/8405.
John L. MacMichael (CISSP, GSEC, CWNA) is a Naval Officer and Information Professional who works in the field of Information Assurance. He considers himself a journeyman Linux user and utilizes a variety of distributions both at work and home, including Slackware, Debian, Red Hat and several live distros; he has yet to find his favorite. He invites your comments at email@example.com.
- Be a Mechanic...with Android and Linux!
- New Products
- Users, Permissions and Multitenant Sites
- Flexible Access Control with Squid Proxy
- Security in Three Ds: Detect, Decide and Deny
- High-Availability Storage with HA-LVM
- Tighten Up SSH
- DevOps: Everything You Need to Know
- Non-Linux FOSS: MenuMeters
- Solving ODEs on Linux