NIS Chapter 07 Flashcards
PSK is intended to be used in SOHO environments, why is this?
because PSK does not require the extensive infrastructure and configurations associated with stronger 802.1X
What does the 802.11-12 define?
It defines authentication and key management either by PSK or 802.1X/EAP
What is the difference and similarity between WPA and WPA2
WPA uses TKIP/RC4 encryption and WPA2-Personal uses CCMP/AES.
Similarity: both use PSK
What were the 2 goals of WPA-Personal?
- To stop the use of fixed sized keys
- to stop the need for complicated HEX and ASCII input
How does WPA-Personal accomplish its goals?
By allowing a user to enter a passphrase between 8-63 characters that will then be mapped to a PSK
What is a PSK?
This is a 256 bit length / 64 character static key that is configured on the client and the AP
What is the formula to compute the PSK?
PSK = PBKDF2(PassPhrase, ssid, ssidLength, 4096, 256)
What is key stretching?
The added computational work to
make password cracking much more difficult, and is known as key stretching
Why is it such a big threat to have a weak SSID and a weak passphrase?
Because the SSID and the passphrase are both used in the computation of the PS which is also used as the PMK as seeding material for the 4way handshake which is used to generate dynamic encryption keys between the clients. And every client station has the same PMK
How is the PTK created?
4-Way Handshake uses a pseudo-random function to combine the PMK with the ANonce,
SNonce, AA, and SPA to create a pairwise transient key (PTK).
What is the vulnerability found in the 4 way handshake?
ANonce, SNonce, and the MAC addresses of the client station and the access point are
all seen in clear text during the 4-Way Handshake frame exchange.
What risk does this impose?
if the hacker derives the PMK from the passphrase all they need to do is to listen in on the 4-way handshake and they have all they need to make a PTK and the decrypt any unicast traffic between the client and AP. In this way both encryption keys and network resources are at risk
What is the easier way to obtain the passphrase?
through social engineering
What is entropy?
this is the measure pf incertainty associated with a random variable and detemines how diffulcult a password is to crack
How many bits of entropy are need to be considered sade?
96