Ever heard of Dynamic PSK?
Last Post: May 18, 2010:
-
Ok, this is half advertisement, half security chit chat.
Can a PSK be cracked? Yes if it below about 20 characters. Anything much above that... no dice. Yes, yes, you heard me right, even with rainbow tables and distributed computing anything north of 40 characters is safe for now. So why is PSK so hated in the Wi-Fi industry? Two reasons.
One, humans have to know it. Once a human has to know it, then there is a possibility of major problems such as disgruntled workers posting it on Facebook, Twitter, etc.
The second problem is that all devices in the ESS need to use the same PSK. Any breach (as above) and the entire network must be reconfigured. Not good.
Yes, of course I'm here with a solution from Ruckus. Dynamic PSK. Ruckus was just awarded a patent on Dynamic PSK. Dynamic PSK is actually quite simple. A user connects once, either via Ethernet or an SSL encrypted web page over Wi-Fi, enters credentials and the system configures (yes, it does it for you) your end node with a PSK that is unique to that device. That PSK is good for as long or as short as you want it to be. Device gets lost or stolen, you revoke that PSK. Done. Super. Simple. Secure.
Thoughts?
GT
-
How to check each station got each PSK when associating?
-
GT
Yeah I knew all about Ruckus and PSK great stuff, I did speak with Scott earlier in the day LOL
Just one question does it maintain being standards based and does not fall otside the standards?
You are just using a proprietary delivery mechanism?
-
Z4,
With an SSID that has Dynamic PSK as its security mechanism, any STA that is on that BSS must be using Dynamic PSK. Just as with a "normal" AP using standard WPA-PSK, it can't complete the 4 way handshake without a proper PSK.Pete,
It is standards based PSK and you are correct, one thing we are doing differently is the delivery method, which is one of the major problem with regular PSK. :)GT
-
Ok, is this some sort of RADIUS VSA that deploys the keys? What are the "node" requirements?
- 1