This immediately limits the passphrase
or secret to a subset of readable characters that can easily be entered from the keyboard.
Furthermore, the length is often limited to 20 characters or less due to the difficulties
associated with remembering or entering long strings of seemingly random text.
It is important to note that if robust authentication methods are not used with WPA, it
must rely upon Pre-Shared Keys (PSK). The same secret phrase must be entered on all
clients and all access points. This carries forward the key management issues inherent in
WEP. In addition, it is virtually impossible to securely distribute the key or passphrase, as
the secret information must be provided to all clients. A single malicious client can use this
data to compromise other client sessions. Unfortunately, WPA-PSK is relatively common
due to the lack of a need for a separate authentication system.
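The keyboard and length limits described above can be quantified. The following is an added example, not taken from the book: it checks a passphrase against the 8 to 63 printable ASCII character rule, derives the 256-bit pre-shared key with the PBKDF2-HMAC-SHA1 mapping from IEEE 802.11i (SSID as salt, 4096 iterations), and bounds the entropy a passphrase of a given length can carry. The function names and the sample SSID are assumptions made for illustration.

```python
import hashlib
import math

PRINTABLE = range(32, 127)  # the 95 printable ASCII codes a WPA passphrase may use
PMK_BITS = 256              # size of the pre-shared key derived from the passphrase


def validate_passphrase(passphrase: str) -> None:
    """Raise ValueError unless the passphrase is 8-63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(ord(c) not in PRINTABLE for c in passphrase):
        raise ValueError("passphrase must contain printable ASCII only")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map passphrase to key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, PMK_BITS // 8
    )


def max_entropy_bits(length: int) -> float:
    """Upper bound on entropy, reached only if every character is chosen at random."""
    return length * math.log2(len(PRINTABLE))


def chars_needed(bits: int = PMK_BITS) -> int:
    """Random printable characters required to carry the given number of key bits."""
    return math.ceil(bits / math.log2(len(PRINTABLE)))


if __name__ == "__main__":
    ssid = "ExampleNet"  # constructed sample value
    shared = "correct horse battery"  # constructed sample passphrase
    # Every client and access point configured with the same passphrase
    # derives the same key, so any one holder knows what all others use.
    client_a = derive_psk(shared, ssid)
    client_b = derive_psk(shared, ssid)
    print("identical key on both clients:", client_a == client_b)
    print("20-char passphrase, at most %.1f bits of a %d-bit key"
          % (max_entropy_bits(20), PMK_BITS))
    print("random characters needed to fill the key:", chars_needed())
```

A human-chosen passphrase falls well below the printed upper bound, since the bound assumes every character is drawn uniformly at random.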
Understanding and Achieving Next-Generation Wireless Security 134
6.3.2 802.1X - User Authentication and Network Access
In an attempt to address the lack of user authentication in WEP, support for the 802.1X
protocol was added to WPA. The 802.1X protocol was originally designed for wired
networks and only facilitates authentication; therefore, it cannot guarantee secure
authentication on wireless networks.