I would like to set up Cisco WLC with WLAN with 802.1x authentication. I see that the only encryption mechanism is WEP. Everywhere it says that this algorithm is weak solution? Im I missing something or the combination 802.1x (PEAP) with WEP has some improvements over the basic WEP with PSK ?
Asked
Active
Viewed 1,044 times
1 Answers
1
It doesn't improve much. True, 802.1X can provide secure authentication if a strong mechanism was chosen (e.g. PEAP or TTLS), and this includes a secure way to derive the encryption keys used for regular network traffic, with each client having its own key.
However, it doesn't matter how strong the authentication or the key are, when the encryption algorithm itself is very weak – with WEP, the key can be discovered after collecting just a few megabytes of data, and then used to decrypt or even inject traffic. This takes minutes.
(Some vendors have a custom protocol called "Dynamic WEP", which changes the key periodically. This is in fact what WPA-TKIP does – it merely sets a new WEP key for every packet. Regular WEP does not support that though.)
grawity
- 501,077