Re: WPA-PSK password length requirement
- From: Dan Williams <dcbw redhat com>
- To: Robert Moskowitz <rgm htt-consult com>
- Cc: networkmanager-list gnome org
- Subject: Re: WPA-PSK password length requirement
- Date: Tue, 11 Dec 2012 09:02:50 -0600
On Tue, 2012-12-11 at 06:24 -0500, Robert Moskowitz wrote:
> The is on Fedora 17, x86_64 (NM 0.9.6.4-3.fc17?), Gnome 3.
>
> First I was a major contributor to 802.11i and wrote the first paper on
> the attack on WPA-PSK (and the myth on hiding SSIDs); I am not your
> typical end user having a complaint on client behaviour.
>
> Yesterday, I was at a major corporation for a meeting and the quest SSID
> had a 6 digit all numeric passcode. NM would not let me connect; it
> seem to insist that a passcode for WPA2-PSK be at least 8 characters
> long. The meeting participants using Windows had no difficulty with
> this 6 digit passcode and were able to get on the guest wireless network.
If it's a 6 digit passcode, then it's not a valid WPA passphrase. If
you're able to get a scan of that network, I'd be very curious to see
what it's output is.
It *may* be a WPS network, which is a method to set up a wifi connection
somewhat like pairing a Bluetooth device. That allows all numeric PIN
codes, and automatically determines the *actual* passphrase from a
handshake that uses the PIN.
> On any SSID I set up, I will use a reasonably strong passcode (though I
> would REALLY like to start using SAE in place of PSK!), but sometimes
> you have NO control over what others do. I REALLY need an override on
> the passcode length requirement; I will again be at that location for a
> meeting Dec 19.
Excellent, can you run:
iw dev wlan0 scan trigger
iw dev wlan0 scan dump
and grab the output for any AP of that network. Feel free to XXXX out
the MAC address and the SSID, since they aren't the interesting part.
What we want to know is a block like this:
WPS: * Version: 1.0
* Wi-Fi Protected Setup State: 2 (Configured)
* Response Type: 3 (AP)
* UUID: 3a05b2ad-a879-917c-cc3f-5717fb38815f
* Manufacturer: NETGEAR, Inc.
* Model: WNDR3400v2
* Model Number: WNDR3400v2
* Serial Number: 01
* Primary Device Type: 6-0050f204-1
* Device name: WNDR3400v2
* Config methods: Label
* RF Bands: 0x3
Dan
> I doubt I will find a way to complain to this company's senior
> management on their IT department's 'bad' policy. This setup is
> probably only intended to keep rifraf from trying to get to the NEXT
> level of access control (you then need an 8 hour user account for
> hotspot login). Oh, I did not mention that they hide this SSID. Sheesh.
>
>
> _______________________________________________
> networkmanager-list mailing list
> networkmanager-list gnome org
> https://mail.gnome.org/mailman/listinfo/networkmanager-list
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
