WPA Weakness Discovered, but Easily Solved -- Following last week's article about the implementation of WPA (Wi-Fi Protected Access) in AirPort Extreme cards and base stations (see "AirPort 3.2 Update Adds New Security Options" in TidBITS-704), a security expert alerted me to a weakness in choosing keys for the WPA system. The weakness applies to the AirPort 3.2 update as well as to all other consumer WPA-enabled Wi-Fi systems. Basically, choosing a key comprised entirely of real words that are 20 characters or fewer leaves you open to that key being broken rather easily. The solution? Choose a longer key or invent 20 characters of gibberish. If you're particularly security-conscious, use the option Apple provides to enter 256 bits of encryption, which is 32 hexadecimal bytes or 64 hexadecimal digits! That's overkill, however. In last week's article, it wasn't clear why Apple even offers the hexadecimal option when other devices from Buffalo and Linksys don't; now it appears that Apple provides all of the options for entering WPA keys, where the other manufacturers don't. I've written more about this issue and posted my colleague's paper on the subject at Wi-Fi Networking News. [GF]
Find Your Mac's Serial Number
Want to check your Mac's serial number quickly and easily? Select About This Mac from the Apple menu, and click on the text directly below "Mac OS X" that reads "Version 10.x.x." Click once and you'll get a build number which is more specific information about the software. Click twice, and you'll get your Mac's serial number.
Visit MacTipster Blog
Other articles in the series Panther Answers
- Security Update 2004-09-16 Fixes iChat Vulnerability (20 Sep 04)
- Security Update 2004-09-07 1.1 Fixes FTP & Safari (20 Sep 04)
- Security Update 2004-09-07 Potentially Problematic (13 Sep 04)
- Quicken 2005 Released (09 Aug 04)
- Revisiting Panther's FireWire Data Loss Problem (15 Mar 04)
- Apple Releases Mac OS X 10.3.4 Update (07 Jun 04)
- Apple Releases Mac OS X 10.3.3 (15 Mar 04)
- How FileVault Should Work (01 Mar 04)
- A Slew of Apple Software Updates (05 Jan 04)
- New Panther Language Features (17 Nov 03)
- Panther Application Improvements (10 Nov 03)
- Fixes Available for Some Panther FireWire Troubles (03 Nov 03)
- Security Update 2003-10-28 Released (03 Nov 03)
- Interesting Bits of Panther (27 Oct 03)
- Mac OS X 10.3 Panther Unleashed (27 Oct 03)
- Default Folder X & QuicKeys X: Upgrade Before Panther! (27 Oct 03)
- Mac OS X 10.3 Panther Springs at WWDC (23 Jun 03)
Published in TidBITS 705.
Subscribe to our weekly email edition.
WPA Weakness Discovered, but Easily Solved
Automatic’s connected car adapter with iPhone apps on
Automatic’s platform, drivers are able to drive safer and smarter.
TidBITS readers get 20% off all orders at <http://automatic.com/tb>