Re: Wireless home LAN - WiFi vs Bluetooth?
Hi.
On Tue, Jul 30, 2019 at 07:06:08PM -0400, Celejar wrote:
> On Mon, 29 Jul 2019 13:57:25 +0300
> Reco <recoverym4n@enotuniq.net> wrote:
>
> ...
>
> > WPA2's (that's your conventional WiFi standard) secure configuration is
> > fiendishly difficult.
>
> I take your point, but "fiendishly difficult"? I think you're
> exaggerating.
WPA Enterprise. 802.1r. An "interesting" choice between CCMP and TKIP
(yep, it's hardware dependent). De-authentication attacks. "Evil twin"
attacks.
I meant it when I wrote "fiendishly difficult".
> > You have beacon frames that are broadcasted without any encryption.
>
> True, but is there any evidence that this constitutes a security risk?
Some people believe that hiding AP name gives them another layer of
security. Beacon frames prove otherwise.
> > You have authentication frames that can be intercepted (so WPA
> > passphrase can be bruteforced).
>
> Lots of things (such as TLS, ssh) can theoretically be brute forced -
> the question is whether such brute forcing is sufficiently practical to
> be a threat. I have seen nothing to indicate that properly configured
> WPA2 can be realistically brute forced.
For WPA2 it's not that hard really, assuming pre-shared key usage.
Can be expensive (all those videocards and ASICs have their cost), but
definitely doable.
> > You have several encryption algorithms, but:
> > a) They are not equally good.
>
> Of course not - they never are ;) The trick is to pick a good one, and
> for wifi, that's WPA2 using AES.
See above.
> > b) You may have a hardware that lack support for a good ones.
>
> I suppose, but my impression is that most hardware from the last few
> years is fine.
Cheap smartphones and tablets. Whatever they put instead of a proper
WiFi in printers (yep, I'm looking at you, HP). Oh, D-Link and Linksys.
There are *always* some exceptions to "newer is the better" rule.
Reco
Reply to: