IEEE Approves 802.11i

michael posted more than 10 years ago | from the my-lock-my-key dept.

Wireless Networking 302

Dozix007 writes "IEEE has approved a new wireless security protocol dubbed 802.11i, intended to finally provide sufficient security for wireless connections that users don't need to rely on alternate security layers. The new specification works by using AES encryption in the transceiver itself, encrypting data directly at the level just above the actual radio pulses themselves. That makes it transparent for applications sending data through the radio, so legacy programs running on new 802.11i-compliant hardware will automatically get the benefits of the new protocol without the need for modification."


302 comments


Mary-Kate Olsen rumored to have died today (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531668)

I'm on a few IRC channels, they're all buzzing about this but I can't find independent confirmation. Anyone know for sure?

Re:Mary-Kate Olsen rumored to have died today (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531692)

yes she did, CNN is reporting this now.

Re:Mary-Kate Olsen rumored to have died today (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531727)

I heard she was found with Stephen King in his Maine home. They apparently died from heart attacks almost simultaneously.

Re:Mary-Kate Olsen rumored to have died today (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531792)

no fair, you tricked me!

Re:Mary-Kate Olsen rumored to have died today (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531828)

I fucked her, you know. It was a little like screwing a bag full of pencils, but the pay was good.

Re:Mary-Kate Olsen rumored to have died today (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531856)

I'm not sure I understand the reference to 'a bag full of pencils'. Why would it feel like that? I could understand if you said 'like throwing a hot dog down a hallway.'

Re:Mary-Kate Olsen rumored to have died today (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531896)

I'm going to have to ask you to kindly refrain from criticising my similes. It makes me feel as if my feet were encased in a frozen tub of toothpaste.

Damn that was funny (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531959)

And of course, I had to use my last mod point a minute ago.

About time (-1, Redundant)

Anonymous Coward | more than 10 years ago | (#9531675)

And it's even backwards compatible too!

Finally... (-1)

Anonymous Coward | more than 10 years ago | (#9531676)

Maybe now there will be fewer attacks against my LAN from unsecured WAPs.

What the? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531679)

Don't get me wrong, I love the president. But a recent interview with Irish television leaves me confused. Here are two quotes:

"People join terrorist organizations because there's no hope and there's no chance to raise their families in a peaceful world where there is not freedom ... so the idea is to promote freedom and at the same time protect our security.

"These people are willing to kill innocent people. They're willing to slaughter innocent people to stop the advance of freedom," Bush said.

So which is it? Do people join terrorist organizations because there is not freedom or to stop the advance of freedom?

Please advise. Thx.

Re:What the? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531697)

Please fuck off. Thx.

Re:What the? (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9531812)

Answer the question you terrorist piece of shit.

Re:What the? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531852)

42.

Re:What the? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531794)

So which is it? Do people join terrorist organizations because there is not freedom or to stop the advance of freedom?

Neither -- It's the excellent health coverage.

Re:What the? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531953)

What it means is this: we're on an irreversible trend toward more freedom and democracy -- but that could change.

Sure but does it require new equipment (3, Interesting)

Bruha (412869) | more than 10 years ago | (#9531681)

Or can I do a firmware upgrade on my Linksys WRT54GS.

$$$$ Dude.

Couldn't this be used by terrorists. (1, Insightful)

Anonymous Coward | more than 10 years ago | (#9531890)

Isn't untappable wireless communication at least as much of a threat to homeland security as model rockets [slashdot.org] ?

Re:Sure but does it require new equipment (-1, Troll)

Anonymous Coward | more than 10 years ago | (#9531976)

MARY-KATE IS DEAD!!!!

Re:Sure but does it require new equipment (5, Informative)

spellraiser (764337) | more than 10 years ago | (#9532023)

Well, since encryption only involves standard processing, a firmware upgrade should be all that's required. Don't see any reason why a device would need to be created specifically for 802.11i. This is also interesting (taken from here [dailywireless.org] ):

Cisco, one of the largest providers of enterprise APs, said AES is supported in hardware on the IEEE 802.11g versions of AP models 1100, 1200, and the newly announced 1300 outdoor AP/bridge. However, a software upgrade for those devices will be required. Software upgrades will also be available for 802.11a, b and g card-bus and NIC cards.

Although they don't state it explicitly, it's a pretty fair bet that firmware upgrades for Linksys APs will be available at some point.

Watch your Head! (2, Funny)

Braingoo (771241) | more than 10 years ago | (#9531690)

Oh no another wireless radio wave flying through the air! Oh well maybe I can pick up the internet if I tune my radio just right!

Re:Watch your Head! (0)

Anonymous Coward | more than 10 years ago | (#9531806)

It's not my fault I'm thinking dirty thoughts. Someone must be surfing a porn site on a wireless connection.

802******* and beyond (0, Offtopic)

i621148 (728860) | more than 10 years ago | (#9531694)

i am not buying or upgrading anymore 802***** equipment until someone comes out with a standard that allows me to broadcast to unused radio stations in my car stereo ;)

Re:802******* and beyond (1)

jbeall (707387) | more than 10 years ago | (#9531715)

You can go to radioshack and buy a gizmo to do that for, like, $20. Old news.

Re:802******* and beyond (3, Informative)

Anonymous Coward | more than 10 years ago | (#9531736)

Here you go. [engadget.com] Pirate radio, on the cheap!

Re:802******* and beyond (1)

i621148 (728860) | more than 10 years ago | (#9531836)

yes, but i want that contained in the cf card for my pda so you don't have some other piece of crap attached to it or put batteries in it...

Re:802******* and beyond (0)

Anonymous Coward | more than 10 years ago | (#9531889)

I'm sure you could make one with a soldering iron and some other stuff.

Re:802.11? and beyond (1)

TechniMyoko (670009) | more than 10 years ago | (#9531950)

better yet, used radio stations in neighboring cars.

so you wanna turn your rap up loud eh? take this!

Mr. Microphone (0)

Anonymous Coward | more than 10 years ago | (#9532028)

Ron Popeil has "invented" a lot of shit for your kitchen. His company markets a small rotisserie oven for that white trash buffet taste in your very own home. He sells a dehydrator for ridding food of that pesky moisture and a sausage maker for people with their own ... I don't know, pigs? Popeil has cured baldness with hair in a spray can. And in 1979, he cured the common zit. As part of a program to teach mathematics, science and grammar, we were forced to take health class in high school. Part of that instruction concerned skin care. Rather than bore you with detail, I'll summarize the conclusion. I quote, "Douche bag, you're NEVER gonna get laid with a zit on your face." This was not well received as I was the Fry Guy at Wendy's Old Fashioned Hamburgers. Enter Ron Popeil.
In 1979, Popeil's company, Ronco, marketed a product named Mr. Microphone. This name was chosen over Mr. Douchebag, since it was a microphone and not a feminine hygiene system. Mr. Microphone plugged into a common radio and turned a common schmo into a sex magnate. As the commercial demonstrated, getting laid was as simple as cruising the street and dictating your intentions to hapless pedestrians. "Hey, good-looking, we'll be back to pick you up later!" Ah, yeah. Chicks dig assertiveness. Zit, schmit. Mr. Microphone was the ticket to a bedroom full of many beautiful ladies.
Skeptics may doubt the effectiveness of Mr. Microphone as a cure for common acne. But I can attest to the fact that I never had a Mr. Microphone yet my bedroom was never filled with many beautiful ladies. Coincidence?
I don't think so.

Ah Finally! (4, Insightful)

scosol (127202) | more than 10 years ago | (#9531696)

"sufficient" security- hahahahah history teaches us nothing apparently

Re:Ah Finally! (0, Troll)

Omega1045 (584264) | more than 10 years ago | (#9531735)

I was going to post something about "sufficient security", but figured I would get modded hard on troll. That is the type of phrase that comes back to bite you in the arse.

Re:Ah Finally! (5, Funny)

nazsco (695026) | more than 10 years ago | (#9531799)

encryption in EVERY protocol layer and then some encryption in the software, that's running thru ssh... so i can safely read my mail that i protected with my birthday as the password.

Re:Ah Finally! (1)

ThogScully (589935) | more than 10 years ago | (#9531937)

Even the best security is only sufficient. Eventually, everything can be cracked. Eventually, enough computing power will be available to make today's encryption algorithms useless. But eventually, security options will be sufficiently better to protect those that want it.
-N

Re:Ah Finally! (0)

Anonymous Coward | more than 10 years ago | (#9532058)

"Sufficient" is actually the goal.

"Total" security would be a problem, because it could be used by drug dealers, etc.

Actually secure? (1, Interesting)

Anonymous Coward | more than 10 years ago | (#9531698)

I'll believe it when I see it... and after it's been out in the open for at least a year for the world to try to hack it to pieces first. Anytime you broadcast any signal into the airwaves, you're handing its content on a silver platter to anyone with the equipment and know-how to receive and decode it.

Re:Actually secure? (4, Insightful)

cmowire (254489) | more than 10 years ago | (#9531864)

Perhaps.

However, you do have to remember that a lot of classified information that would result in really major problems for many governments travels, encrypted, over the airwaves, on a regular basis. A cryptosystem isn't called secure unless it can't be broken in a reasonable amount of time, even if the bad guy knows your algorithm, and even if the bad guy is able to observe your transmissions.

Basically, what the entire WEP debacle has shown is that when you are transmitting over the airwaves, the importance of secure encryption increases. And that if you are going to make a widespread standard for encryption, you had better check it out with some folks who know encryption first.

Long Time Until it Replaces B/G (2, Interesting)

artlu (265391) | more than 10 years ago | (#9531702)

Even if I is going to be the new wireless standard, there is going to be many years until it becomes it. G was supposed to become the new standard, and I am rarely in a situation where my Powerbook picks up a G signal.

Does anyone have any figures on how long between products get rolled out until inception in the digital world? I would be curious to see the timelines of some products such as: 3.0megapixel cameras, DSL/Cable, 802.11b/g, etc.

GroupShares Inc. [groupshares.com] - A Free and Interactive Investment Community

Lack of equipment or how it's supposed to work? (3, Insightful)

swb (14022) | more than 10 years ago | (#9531744)

IANA wireless expert, but isn't one of the annoying gotchas of 802.11g that the presence of a B client drops all connected nodes down to B speeds?

If I'm remembering that right, then what you're experiencing may not be a lack of standards uptake -- you could be connecting to a ton of 802.11g stations, but somebody's got a B card running.

Re:Long Time Until it Replaces B/G (2, Insightful)

radixvir (659331) | more than 10 years ago | (#9531815)

that's probably because for most purposes B is fine. i mean who is going to spend more on G when typical internet speeds never even reach 11Mps? G maybe is fine for the office or home where you are talking to local servers or other clients, but starbucks doesn't need more than a B.

Re:Long Time Until it Replaces B/G (1)

Jeff DeMaagd (2015) | more than 10 years ago | (#9531915)

I am rarely in a situation where my Powerbook picks up a G signal.

That's why you make a G signal.

For internet access spots, B should do fine.

The idea is to get a more recent standard such that when it gets widely adopted, you are ready for it, rather than having to upgrade or add cards when it does become popular.

Re:Long Time Until it Replaces B/G (1)

otterpop81 (784896) | more than 10 years ago | (#9532043)

The idea is to get a more recent standard such that when it gets widely adopted, you are ready for it, rather than having to upgrade or add cards when it does become popular.


Oh, I see. So buy it now while it's new and expensive and no one else uses it (making it no better than the older standard), so you don't have to do a cheap upgrade later when it gets popular.

Re:Long Time Until it Replaces B/G (1)

NanoGator (522640) | more than 10 years ago | (#9531927)

"G was supposed to become the new standard, and I am rarely in a situation where my Powerbook picks up a G signal."

G recently became rather affordable. Just a few days ago I bought a wireless router using G. It was only $10 more expensive than B. I figured what the hell?

I doubt you'll find G at public places, though. Little need for it since it isn't so popular to do transfers that require the megabits range.

Re:Long Time Until it Replaces B/G (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9531944)

GOD DAMMIT MODS!

Stop modding this blatant karma whore up! He never says anything of value, just comes up with something moderately ontopic so that he can tack his 'sig' onto everything.

Change your prefs, turn sigs off, oh look, his is still there! Why? Because he includes it in EVERY POST! Go check his posting history! It's all about posting early, asking stupid questions, and whoring for a quick '5'.

All to promote some shite website.

The way things ought to be (1)

joNDoty (774185) | more than 10 years ago | (#9531704)

Hardware enforced encryption? Now that's a good idea. Why not incorporate this into all networking technology at the hardware level. No risk of hack-arounds, seamless integration, automatic reaping of benefits.

Re:The way things ought to be (0)

Anonymous Coward | more than 10 years ago | (#9531820)

That's a terrible idea. What a huge pain in the ass it would be to have to collect the key for every NIC you wanted to use a sniffer on for troubleshooting purposes. I'd bet that 90% of packet sniffing is done by the powers of good, and forcing encryption in hardware would make life that much more difficult.

Re:The way things ought to be (1)

biz0r (656300) | more than 10 years ago | (#9532019)

Hold on a second there...this new method of encryption is purely for keeping people from 'grabbing' your data out of the air and decrypting it (I didn't RTFA, maybe it's also used to prevent others from jumping on your wifi as well). Your CAT5(/etc) hardwired cable is not going to 'leak' your information out to other local CAT5 users, as wireless very well might.

So uh...in case I am totally off base here, care to explain your idea more thoroughly?

Perfect? (1)

Hexedian (626557) | more than 10 years ago | (#9531705)

Is there anything now to stand in the way of 802.11? It seems to me that it will become The one standard to comply to...

Re:Perfect? (0, Offtopic)

lukewarmfusion (726141) | more than 10 years ago | (#9531867)

Yeah - the eye chart of 802.11a/b/g/i, the crappy security that goes with all of those (wait a year or two, and see if i is all that secure), and the interoperability problems between them (and between different manufacturers, even within the same standard!).

I hope I'm wrong about 802.11i, but I have more faith in history than I do in companies and their marketing departments.

It's about time... (5, Interesting)

Shoeler (180797) | more than 10 years ago | (#9531714)

Hopefully the approval of the standard will reel in the multiple competing vendor solutions that have been out there. From Cisco's LEAP to TKIP (Aka WEP2), most still would not encrypt things like the MAC address or ESSID. For companies who are actually security-minded and wouldn't deploy wireless without a truly secure standard, this should be their open door to some real mobility.

Now if only I can convince my employer so I can use Trillian to get me through those boring meetings. :)

Suspicious (5, Funny)

gUmbi (95629) | more than 10 years ago | (#9531724)

What happened to 802.11h? Was it brushed under the rug by the NSA? The CIA? The Bush family?

Get out the tin foil hats boys, this is a big one.

Re:Suspicious (1, Funny)

Anonymous Coward | more than 10 years ago | (#9531763)

They wanted to stick with the trend of naming everything with an "i". The original name was to be i802.11.

Re:Suspicious (1)

Bog Standard (743863) | more than 10 years ago | (#9531874)

http://www.devx.com/wireless/Door/11412 Just because the letters follow doesn't.... BS

awesome (5, Insightful)

joel2600 (540251) | more than 10 years ago | (#9531726)

Now try explaining to regular people the difference between a/b/i/g/x and which ones work together, which ones don't and why.

i hope the guys at best buy are up to speed to direct the consumers!

Re:awesome (1, Funny)

servognome (738846) | more than 10 years ago | (#9531817)

Consumer: So which router should I get
Best buy guy: You definitely should get x, the letter is umm, a speed rating, like on car tires
Consumer: Will it work with my existing system
Best buy guy: Yes it works on the 802.11 standard

BEST BUY SUX0RS!!!! BLOW YOUR MOD POINTS HERE (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#9532022)

Obviously some BestBuy dweeb got mod points today

In Soviet Russia (0, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531729)

802.11i approves YOU!

(Come on folks, this really IS funny if you think about it)

Re:In Soviet Russia (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531861)

(Come on folks, this really IS funny if you think about it)

It's more "funny-groan" than "funny-haha".

Re:In Soviet Russia (-1, Offtopic)

mamba-mamba (445365) | more than 10 years ago | (#9531881)

Who modded the parent to flamebait? Off topic, maybe.

Whatever.

Personally, I thought it was funny.

MM
--

Re:In Soviet Russia (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#9531985)

"Who modded the parent to flamebait? Off topic, maybe."

ex-KGB moderator?

802.11h? (4, Funny)

BoldAC (735721) | more than 10 years ago | (#9531737)

I hope this means that everybody is respecting my patent for 802.11h--which is, of course, packet transmission by horsepack. We are also trying to teach dolphins... the squeaks are tough to error correct. :(

Re:802.11h? (0)

Anonymous Coward | more than 10 years ago | (#9531796)

802.11h

This standard is supplementary to the MAC layer to comply with European regulations for 5GHz WLANs. European radio regulations for the 5GHz band require products to have transmission power control (TPC) and dynamic frequency selection (DFS). TPC limits the transmitted power to the minimum needed to reach the furthest user. DFS selects the radio channel at the access point to minimize interference with other systems, particularly radar. Pan-European approval of 802.11h is not expected until the end of 2003.

Re:802.11h? (1, Funny)

Anonymous Coward | more than 10 years ago | (#9531929)

Pan-European approval of 802.11h is not expected until the end of 2003.
I can't wait until last year, so I can buy one! :)

Re:802.11h? (1)

lukewarmfusion (726141) | more than 10 years ago | (#9531918)

Indeed, horsepack is a very strong wireless method. It's powerful, but it's also resource consuming. You have to power it with hay, and the maintenance is demanding. It's not as fast as other wireless protocols, but the pipe is huge. And the range is much better than any of our existing methods - horses can travel over hundreds of miles. Unfortunately, line of sight isn't quite enough for the packets to get there.

Pinging www.slashdot.org via 802.11horse...
Response received in 32 days, 4 hours, 7 minutes, 51 seconds.

The i stands for... (4, Funny)

calebb (685461) | more than 10 years ago | (#9531738)

The i is for incryption! [groan]

Hey, if you don't think anyone makes that spelling mistake, check out this link! [google.com]

Re:The i stands for... (0)

Anonymous Coward | more than 10 years ago | (#9531948)

Sure... You use incryption on the intranet in the same way you'd use encryption on the extranet.

Firmware (3, Interesting)

kinzillah (662884) | more than 10 years ago | (#9531739)

Is there any news on if this will be available as a firmware update for existing equipment? Or will our access points not have the required processing power to handle it?

If that's the case, running a VPN over the wireless may still be the best option.

Re:Firmware (1)

afidel (530433) | more than 10 years ago | (#9532038)

Doubtful. Even the Cisco cards which do a bunch of the crypto in hardware will not have the functions for AES onboard and the crypto is in the ASIC which is not flash upgradable. Some cards which offload the crypto to the host CPU might be able to be upgraded, but will a general purpose CPU be able to do the AES at 54Mbit/sec??

Is this really a good thing? (5, Insightful)

kabocox (199019) | more than 10 years ago | (#9531754)

I know some seamless integrated security is better than having it tacked on afterward. I've always felt that if folks trusted a default security layer to be perfect, they will get burned when the default layer is broken. You should always have application encryption of important data. You shouldn't just trust that your pipe will be encrypted. Sometimes those pipes get used by unauthorized third parties that's when having everything else encrypted comes in handy. I'm just afraid folks will switch to the 802.11i and not bother to encrypt any of their data.

Re:Is this really a good thing? (2, Insightful)

DAldredge (2353) | more than 10 years ago | (#9531847)

And them not encrypting their data is different for how they do things now?

Re:Is this really a good thing? (2, Funny)

aredubya74 (266988) | more than 10 years ago | (#9531879)

That's a bold statement.

Hee hee.

Layers are the key (1)

Bog Standard (743863) | more than 10 years ago | (#9531773)

Hopefully implementing encryption PROPERLY in the APIC layer will avoid all of the crap we had to put with regarding the mismatched client standards, chipsets, hacks and OS's It is about time wlan wasn't fscked for 50 quid MAC layer encryption is great until some smart person breaks it. Implement it correctly and you won't look like an arse. This is your last chance at getting 802.11 security correct!!!!! BS doesn't have a sig. But Apu asks you to come again

Re:Layers are the key (0, Offtopic)

Bog Standard (743863) | more than 10 years ago | (#9531825)

yes I have a busted return and . key :)

Tinfoil free? (0, Redundant)

whitelabrat (469237) | more than 10 years ago | (#9531778)

Does this mean I can take the tinfoil off my house if I upgrade???

Change hardware *again*? No thanks (3, Insightful)

jeffmeden (135043) | more than 10 years ago | (#9531786)

That makes it transparent for applications sending data through the radio, so legacy programs running on new 802.11i-compliant hardware will automatically get the benefits of the new protocol without the need for modification.

And exactly 0% of the hardware will be backwards compatible. Who trusts data privacy flying across a network anyway? Isn't that what we have VPN, SSH, HTTPS, etc. for? IMHO we have more things to concern ourselves with, like interference countermeasures, signal efficiency, etc. Who is going to switch to a new hardware platform just because it offers a different (read: not necessarily better) encryption method?

This is terrible news (4, Funny)

piecewise (169377) | more than 10 years ago | (#9531788)

More security and more awareness for security means that I won't be able to leech off my neighbor's wireless and in turn that means I will not be able to sit on the toilet with my PowerBook and in turn that means I will have to stretch Ethernet clear across into the bathroom and THAT can create a fire hazard.

Need I say more.

Key Exchange (1)

Anonymous Coward | more than 10 years ago | (#9531789)

Can anyone tell me (us?) how key exchange is done in 802.11i? AES is very strong, but if the key is sent over the link in the clear it will obviously be bad news. So how does it do it? PKI? Something else? Any info would be appreciated.

Re:Key Exchange (1)

Luyseyal (3154) | more than 10 years ago | (#9531855)

If I had my guess, most home installations will have manually entered shared keys.
-l

Let's hope 802.11 stops soon (4, Funny)

FerretFrottage (714136) | more than 10 years ago | (#9531803)

...because once we get to 802.11l we're really going to be screwed and nevermind the marketing nightmares.

Sample tech support email exchange
"I'm having problems with my 802.11l wireless router"

"Did you say 802.111?"

"No, 802.11l"

"That's what I said"

"No, you said 802.111, that's not due out til next month according to /."

"Sorry sir, so you have our 802.11/. router?"

Re:Let's hope 802.11 stops soon (1)

morcheeba (260908) | more than 10 years ago | (#9531980)

Military connectors [aecsinc.com] (and many others, I'm sure) skip the confusing letters (like "I", "O", and "Q") in their numbering. I'm sure IEEE could do the same.

Re:Let's hope 802.11 stops soon (1)

mopslik (688435) | more than 10 years ago | (#9532030)

I'm sure IEEE could do the same.

So would that be the 1EEE then? :)

Re:Let's hope 802.11 stops soon (0)

Anonymous Coward | more than 10 years ago | (#9532001)

"Did you say 802.111?"
"No, 802.11l"

Except that "EL" sounds nothing like "ONE". Maybe email support though?

Now we can start waiting for a total break of AES (1)

Slinky Saves the Wor (759676) | more than 10 years ago | (#9531824)

Now, let's put on our tinfoil hats and start waiting for a total break of AES, or faults in the implementation of AES in the devices (at least the major ones).

Re:Now we can start waiting for a total break of A (3, Informative)

m0rningstar (301842) | more than 10 years ago | (#9532060)

AES, like DES and 3DES is a public algorithm and was subject to extensive peer review prior to adoption by the US government. (It's not a US algorithm; the original name was Rijndael). It was chosen for key length, security and efficiency of the algorithm and memory footprint among other things.

While this doesn't guarantee the security, it certainly improves the chances of it being as secure as possible. AFAIK, DES/3DES, a 20+ year old algorithm is still only vulnerable to brute force attacks.

The real fear here -- as in any encryption system -- is the security of the key handling protocol. It's TKIP not AES that'll be the key to the security of 802.11i.

Too many goddamn wireless standards. (1)

TyrranzzX (617713) | more than 10 years ago | (#9531838)

Why can't they just settle on one standard and go from there?

Re:Too many goddamn wireless standards. (0)

Anonymous Coward | more than 10 years ago | (#9531882)

I'm sure they are reading your comment right now and are astounded that they didn't think of that before. As we speak millions of dollars in research funds are going into settling on one standard and going from there. Congratulations sir, you are brilliant.

Re:Too many goddamn wireless standards. (2, Insightful)

Dun Malg (230075) | more than 10 years ago | (#9531951)

Why can't they just settle on one standard and go from there?

That's essentially what's happening already. They settle on a standard, people adopt it. The trouble comes with the "go from there" part. Whenever you "go" anywhere new with a standard, the old stuff is non-compliant, thus requiring a new standard.

Better than IPSec over wi-fi... (1)

Vexler (127353) | more than 10 years ago | (#9531869)

Until recently, some people advocated IPSec over wi-fi as a stop-gap solution. But that's just that: A stop-gap. I for one am glad to see that the standard takes into consideration lower layer security (and tosses WEP out the window).

Re:Better than IPSec over wi-fi... (3, Insightful)

Abcd1234 (188840) | more than 10 years ago | (#9532033)

How is that a stop-gap? IPSec has one purpose: to protect IP traffic data over an insecure link. Sounds like it fits right into the wifi game. And given that it's a proven standard with many interoperable implementations, it still strikes me as an excellent option for people who wish to secure their wireless transmissions. This is especially true given that 802.11i won't be fully adopted in the market place for at least a year or two.

Besides, there are *many* issues regarding security aside from the wire protocol. As one other poster mentioned, key management is one of these issues. How does 802.11i deal with this? I know IPSec has many different solutions available for key management, meaning I can make it fit into my network infrastructure. How does 802.11i fit into this picture?

Not very helpful... (0, Flamebait)

razmaspaz (568034) | more than 10 years ago | (#9531876)

Definitive studies on the matter are as yet unavailable

As are definitive articles.

Step in the right direction (1)

UsedToCould (740576) | more than 10 years ago | (#9531891)

What needs to be understood here is that this is a step in the right direction. It will be some time till it is mainstream (face it, everyone has b/g, and it costs money to upgrade), and while it is MORE secure, it's made by a human.
There will be another one who can bypass it. That's just how things work. If someone wants it bad enough, they'll get it.

Poor Starbucks (4, Funny)

Anonymous Coward | more than 10 years ago | (#9531895)

What the hell am I supposed to do at starbucks now If I can't sit around and sniff wirelessness??. Read the newspaper?!?!?!

Key Management (4, Interesting)

provolt (54870) | more than 10 years ago | (#9531902)

Did anyone else notice that there was no mention of key management? Who cares what algorithm it uses if there isn't secure key management. AES is a good choice for the encryption algorithm, but it might as well be plaintext if the key management isn't handled properly.

Is the key negotiated as part of the protocol? How is that exchange authenticated? How is access control done? Can anyone enter the network?

Does it use a pre-placed key? How do you make sure the AP has every client's key? Can you access the AP without encryption? Do users have to type keys in?

FW Upgrades for non-router 802.11x equipment? (2, Interesting)

Geiger581 (471105) | more than 10 years ago | (#9531919)

My router claims to be firmware-upgradeable to 802.11i/AES 'when the time comes,' but what about other stuff? If given the option, I would a sufficiently upgradeable AP or wireless NIC. It seems that only routers have enough CPU horsepower to spare to be indefinitely upgradeable, but could I be wrong?

Does this finally solve the *other* major problem? (2, Interesting)

ConsumedByTV (243497) | more than 10 years ago | (#9531935)

You know, the one that makes it that anyone on the wifi network can see all the other traffic?

I personally think a HUB is still a bad idea, even if the main transports are encrypted to the outside. The insider doesn't need to be able to see anyone's traffic unless it's repeated to the target. It would be great if it was encrypted and acted like a switch.

I would still use my VPN with this.

OK, but how does it actually work (4, Insightful)

mamba-mamba (445365) | more than 10 years ago | (#9531943)

You can't just say oh, it uses AES. AES is a symmetric cipher, which implies that there is a shared session key.

How do the nodes generate and exchange a shared session key? Or do you have to enter an AES key manually before you even hook up? That would certainly lock down the node!

It would be nice if someone posted a link explaining at a medium level how it actually works. I don't want to just go read a draft of the standard, but I wouldn't mind reading a few of the important details.

MM
--
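
The question asked in the comment above, and in the "Key Exchange" and "Key Management" comments earlier in the thread, is how two nodes end up with the same AES key. The following sketch shows the pre-shared-key mode of 802.11i: both sides stretch the passphrase into a master key, then mix in two fresh nonces to get a per-session key. It is an added example, not part of the original thread or of any poster's text; the MAC addresses, SSID and passphrase are constructed, and the MICs are computed over stand-in byte strings rather than full EAPOL-Key frames.

```python
import hashlib
import hmac
import os

ITERATIONS = 4096  # fixed by the standard for passphrase-based PSKs


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """Pairwise Master Key: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), ITERATIONS, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF: HMAC-SHA1(key, label || 0x00 || data || counter), concatenated."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, block, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes, nbytes: int = 48) -> bytes:
    """Pairwise Transient Key for CCMP: 16-byte KCK, 16-byte KEK, 16-byte AES temporal key."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, nbytes)


def mic(kck: bytes, frame: bytes) -> bytes:
    """Message integrity code keyed with the KCK (HMAC-SHA1 truncated to 128 bits)."""
    return hmac.new(kck, frame, hashlib.sha1).digest()[:16]


def four_way_handshake(ap_passphrase: str, sta_passphrase: str, ssid: str,
                       ap_mac: bytes, sta_mac: bytes):
    """Simulate both ends; return (ap_tk, sta_tk), or None if a MIC check fails."""
    ap_pmk = pmk_from_passphrase(ap_passphrase, ssid)
    sta_pmk = pmk_from_passphrase(sta_passphrase, ssid)

    # Message 1 (AP -> station): the AP's nonce, sent in the clear.
    anonce = os.urandom(32)

    # Message 2 (station -> AP): the station's nonce plus a MIC under its KCK.
    snonce = os.urandom(32)
    sta_ptk = derive_ptk(sta_pmk, ap_mac, sta_mac, anonce, snonce)
    msg2 = b"msg2" + snonce  # stand-in for the EAPOL-Key frame body
    msg2_mic = mic(sta_ptk[:16], msg2)

    # The AP now has both nonces, derives its own PTK and checks the MIC.
    # A station that does not know the passphrase fails here.
    ap_ptk = derive_ptk(ap_pmk, ap_mac, sta_mac, anonce, snonce)
    if not hmac.compare_digest(mic(ap_ptk[:16], msg2), msg2_mic):
        return None

    # Message 3 (AP -> station): a MIC proving the AP also holds the PMK.
    msg3 = b"msg3" + anonce
    msg3_mic = mic(ap_ptk[:16], msg3)
    if not hmac.compare_digest(mic(sta_ptk[:16], msg3), msg3_mic):
        return None

    # Message 4 is the station's acknowledgement; both sides install the temporal key.
    return ap_ptk[32:48], sta_ptk[32:48]


if __name__ == "__main__":
    ap = bytes.fromhex("020000000001")   # constructed, locally administered MACs
    sta = bytes.fromhex("020000000002")
    keys = four_way_handshake("correct horse battery", "correct horse battery",
                              "example-net", ap, sta)
    print("temporal keys match:", keys is not None and keys[0] == keys[1])
    print("wrong passphrase accepted:",
          four_way_handshake("correct horse battery", "wrong passphrase",
                             "example-net", ap, sta) is not None)
```

The AES key itself never crosses the air; only the two nonces do, so the secrecy of each session rests on the passphrase (or, in 802.1X mode, on the master key delivered by the authentication server).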

In related news... (4, Funny)

genka (148122) | more than 10 years ago | (#9532002)

Apple announced its own version, called i802.11

Obligatory (1)

cnctvfs (788458) | more than 10 years ago | (#9532014)

In Soviet Russia..... I for one welcome our new.... All your base are belong.... ....you insensitive clod.

Re:Obligatory (1)

cnctvfs (788458) | more than 10 years ago | (#9532053)

bugmenot actually works...

Is this the end? (1)

bool morpheus() (689231) | more than 10 years ago | (#9532027)

So does this mean the end of wardriving?

Now I'm confused. (2, Insightful)

JayJay.br (206867) | more than 10 years ago | (#9532034)

Maybe I do not have enough knowledge to know shit about this, but it looks to me that this is a standard for encryption, and it obviously would be public key encryption, and transceivers would exchange public keys to talk.

While this clearly means that now no one can sniff the SSID, is this going to be any better for those who leave it at the default? And without any kind of MAC authentication or network protection at upper levels, would knowing the SSID be the only difficulty imposed against abuse of the network?

Not trolling, I just want to know if stupid admins can still mess this one up.