Further, TKIP addresses WEP??™s use of a single key by all clients. To create a base
key, TKIP uses either a passphrase or a master key derived from the authentication process,
and several other pieces of information, such as a client??™s MAC address. This base key in
turn is used with the IV to create per-packet keys. So in theory, every packet sent over
WPA is encrypted by a separate and unique key.
Finally, TKIP takes on weaknesses in key deployment by creating a base key that is
different for each client. A client provides a shared secret for authentication and various
other pieces of information. On wireless networks secured using WEP, all clients
constantly use the same key, providing a large amount of cipher text for attackers to
analyze. This also increases the probability of reuse of the 24-bit IV, exposing encrypted
messages to attackers.
One fundamental problem continues for networks that have switched from WEP to
WPA, or deployed WPA directly, yet do not use authentication. The initial passphrase or
secret deployed on clients and access points is often weaker than needed, since it usually
must be human-readable and entered by a human.
Pages:
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364