802.11 Shared Key Authentication is bad [was NetworkManager Issues]
Pekka Savola
pekkas at netcore.fi
Sat Nov 6 06:44:28 UTC 2004
On Fri, 5 Nov 2004, Charles R. Anderson wrote:
> On Fri, Nov 05, 2004 at 11:30:26AM -0500, Dan Williams wrote:
>> On Fri, 2004-11-05 at 11:08 -0500, Charles R. Anderson wrote:
>>> On Fri, Nov 05, 2004 at 05:02:40PM +0100, Ziga Mahkovec wrote:
>>>> As for the ipw2100 driver -- versions 0.57+ now actually default to
>>>> OPEN. But NM overrides this so no harm done. It does make life harder
>>>> if you're using ifup scripts with shared key authentication though. I
>>>> had to patch ifup-wireless to force restricted mode.
>>>
>>> Shared Key auth is worse than no authentication/encryption at all.
>>> Anyone with a clue will be using Open System. I don't think we should
>>> put too much effort into making Shared Key easy to use.
>>
>> Charles,
>>
>> Why is it so much worse?
>
> By doing Shared Key Authentication, you are providing potential
> crackers with both the Plaintext and the Ciphertext for the same data.
> This makes is much much easier for a third party to basically figure
> out what the WEP key is.
[...]
That said, are there plans for fedora to support 802.11x? Plus
different EAP variants, most importantly EAP-TLS?
There are open source packages out there... and it would be nice if
Linux could do this off-the-box such as Windows has been doing for a
long time now..
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the fedora-devel-list
mailing list