what is more secure, WEP with 128bit, or WPA-PSK?
Hi, which one is more secure for wlans, WEP with 128 bit, or WPA-PSK? as far as I understand it (please correct me if neccessary), WPA-PSK is basically WEP128 but with a changing key which is sent to the clients on connect, encrypted with the WPA passphrase? so i think WPA should be more secure than WEP with always the same key? bye, MH -- gpg key fingerprint: 5F64 4C92 9B77 DE37 D184 C5F9 B013 44E7 27BD 763C
which one is more secure for wlans, WEP with 128 bit, or WPA-PSK?
WPA-PSK is more secure, but also dependant on the pass phrase. I prefer random strings with ~50 bytes, You can get those easily from base64 coded email attachments. This is also a great source for initial user passwords ;-) Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \
Hi *, for more Info go to: http://100h.org/wlan/aircrack/ download the compressed File, and read the contained Readme file. Markus Gaugusch schrieb:
which one is more secure for wlans, WEP with 128 bit, or WPA-PSK?
WPA-PSK is more secure, but also dependant on the pass phrase. I prefer random strings with ~50 bytes, You can get those easily from base64 coded email attachments. This is also a great source for initial user passwords ;-)
Funny idea ;-) By far less complicated as using random data and md5.
Markus
Dirk TRIA IT-consulting GmbH Joseph-Wild-Straße 20 81829 München Germany Tel: +49 (89) 92907-0 Fax: +49 (89) 92907-100 http://www.tria.de -------------------------------------------------------- working hard | for your success -------------------------------------------------------- Registergericht München HRB 113466 USt.-IdNr. DE 180017238 Steuer-Nr. 802/40600 Geschäftsführer: Richard Hofbauer kaufm. Geschäftsleitung: Rosa Igl -------------------------------------------------------- Nachricht von: Dirk.Schreiner@tria.de Nachricht an: markus@gaugusch.at, admin@eregion.de, suse-security@suse.com # Dateianhänge: 0 Die Mitteilung dieser E-Mail ist vertraulich und nur für den oben genannten Empfänger bestimmt. Wenn Sie nicht der vorgesehene Empfänger dieser E-Mail oder mit der Aushändigung an ihn betraut sind, weisen wir darauf hin, daß jede Form der Kenntnisnahme, Veröffentlichung, Vervielfältigung sowie Weitergabe des Inhalts untersagt ist. Wir bitten Sie uns in diesem Fall umgehend zu unterrichten. Vielen Dank The information contained in this E-Mail is privileged and confidental intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient or competent to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this E-Mail is strictly prohibited. If you have received this E-Mail in error, please notify us immediately. Thank you
On Sep 6, Dirk Schreiner
Markus Gaugusch schrieb:
which one is more secure for wlans, WEP with 128 bit, or WPA-PSK?
WPA-PSK is more secure, but also dependant on the pass phrase. I prefer random strings with ~50 bytes, You can get those easily from base64 coded email attachments. This is also a great source for initial user passwords ;-)
Funny idea ;-) By far less complicated as using random data and md5.
And better, because md5 outputs only 0-9,A-F ... The /dev/random and tr approach is of course better (in theory), but I just can't remember that command when I need to ;-) Usually, base64 encoded data has enough randomness if you look a bit for it ... Markus -- __________________ /"\ Markus Gaugusch \ / ASCII Ribbon Campaign markus(at)gaugusch.at X Against HTML Mail / \
/ 2005-09-06 22:12:17 +0200 \ Markus Gaugusch:
On Sep 6, Dirk Schreiner
wrote: Markus Gaugusch schrieb:
which one is more secure for wlans, WEP with 128 bit, or WPA-PSK?
WPA-PSK is more secure, but also dependant on the pass phrase. I prefer random strings with ~50 bytes, You can get those easily from base64 coded email attachments. This is also a great source for initial user passwords ;-)
Funny idea ;-) By far less complicated as using random data and md5.
And better, because md5 outputs only 0-9,A-F ...
well. if you take the base64 encoding of a compressed (zip, (.tar.) gzip, bz2, most pdfs, many image file formats), the entropy should be high enough...
The /dev/random and tr approach is of course better (in theory), but I just can't remember that command when I need to ;-) Usually, base64 encoded data has enough randomness if you look a bit for it ...
there is also pwgen: pwgen generates passwords which are designed to be easily memorized by humans, while being as secure as possible. The pwgen program is designed to be used both interactively, and in shell scripts. Hence, its default behaviour is differs depending on whether the standard output is a tty device or a pipe to another pro‐ gram. Used interactively, pwgen will display a screenful of passwords, allowing the user to pick a single password, and then quickly erase the screen. This prevents someone from being able to "shoulder- surf" the user’s chosen password. When standard output is not a tty, pwgen will only generate one password, as this tends to be much more convenient for shell scripts. This also assures that pwgen is compatible with a previous version of this program. [... few options snipped ...] very nice imho. btw, Markus, what about that beer we wanted to have the other day? -- : Lars Ellenberg Tel +43-1-8178292-0 : : LINBIT Information Technologies GmbH Fax +43-1-8178292-82 : : Schoenbrunner Str. 244, A-1120 Vienna/Europe http://www.linbit.com :
participants (4)
-
Dirk Schreiner
-
Lars Ellenberg
-
Markus Gaugusch
-
Mathias Homann