WPA2\AES and PSK
04-24-2009 04:21 AM - edited 07-03-2021 05:29 PM
We have a situation where we need to implement WPA2, AES with PSK on our WLC. If I put a complex passphrase of 63 ASCII characters, how safe is my wireless network? After reading multiple forums, it seems that it is quite safe, even if this setup is designed for a home or medium office.
Your feedback is very much appreciated.
Thank you.
- Labels: Wireless Security
04-24-2009 04:34 AM
Well, the maximum length is 63, but of course the more characters the more secure. WPA2/AES is very difficult to crack anyways... With WPA/TKIP, using more characters helps since that has already been compromised.
Make sure that your devices support 63 characters.
Here is a link that talks about WPA-PSK:
http://blogs.zdnet.com/Ou/?p=127
If your choice is only to use PSK, then WPA2/AES. If you have a RADIUS server, then it would be better to use 802.1X or WPA2-Enterprise as it is called in some software.
*** Please rate helpful posts ***

04-24-2009 05:38 AM
As far as the security algorithm itself is concerned, a very long, random PSK is extremely secure.
However, there are human factor issues that come into play: that long PSK has to be written down somewhere and that location must be kept secure; the number of people who have access to the key must be limited and all of them must carefully maintain the security of the key; if the key is compromised you must manually change the keys on all clients; etc.
Another issue is that with a PSK you have no way to map a given wireless connection to any individual user, as you would with 802.1X. So if an EAP account is compromised you at least know who to yell at, whereas if your key is compromised you have no clue.
Nobody's going to crack a 63-character passphrase using over-the-air tools. But they won't bother. They'll just find a way to get into your helpdesk office and take a picture of the whiteboard where it's written down.
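Added example, not part of the original thread: a Python sketch of what "a very long, random PSK" means in practice. It generates a 63-character passphrase from a CSPRNG, estimates its entropy, and derives the 256-bit pairwise master key the way WPA2-PSK does (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations). The `SAFE_ALPHABET` restriction and all function names are assumptions made for this illustration.

```python
import hashlib
import math
import secrets
import string

# WPA2 passphrases are 8 to 63 printable ASCII characters (codes 32..126).
PRINTABLE = "".join(chr(c) for c in range(32, 127))
# Assumption: drop space, quotes, backslash and backtick, which some client
# configuration tools handle badly. This leaves 90 of the 95 characters.
SAFE_ALPHABET = string.ascii_letters + string.digits + "!#$%&()*+,-./:;<=>?@[]^_{|}~"
PMK_BITS = 256  # size of the derived pairwise master key


def validate_passphrase(passphrase: str) -> None:
    """Reject values a WPA2 client or controller would not accept as a passphrase."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(ch not in PRINTABLE for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def generate_passphrase(length: int = 63, alphabet: str = SAFE_ALPHABET) -> str:
    """Draw each character independently from the OS CSPRNG."""
    passphrase = "".join(secrets.choice(alphabet) for _ in range(length))
    validate_passphrase(passphrase)
    return passphrase


def effective_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random passphrase, capped by the 256-bit PMK."""
    return min(length * math.log2(alphabet_size), PMK_BITS)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


if __name__ == "__main__":
    ssid = "ExampleCorp-WLAN"  # constructed sample SSID
    psk = generate_passphrase()
    print("passphrase:", psk)
    print("effective strength (bits):", effective_bits(len(psk), len(SAFE_ALPHABET)))
    print("PMK:", derive_pmk(psk, ssid).hex())
```

Because the SSID is the salt, the same passphrase yields a different key on a differently named network, and a random 63-character value already exceeds the 256 bits the derived key can carry.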
04-27-2009 11:09 PM
Hi,
If this system will work with MS WZC supplicants, an easy way to get the PSK is to extract it from the Windows registry.
Cheers
