Cisco Support Community

New Member

WPA2\AES and PSK

We have a situation where we need to implement WPA2, AES with PSK on our WLC. If I put a complex passphrase of 63 ASCII characters, how safe is my wireless network? After reading multiple forums, it seems that it is quite safe, even if this setup is designed for a home or medium office.

Your feedback is very much appreciated.

Thank you.

3 REPLIES
Hall of Fame Super Silver

Re: WPA2\AES and PSK

Well, the maximum length is 63, but of course the more characters the more secure. WPA2/AES is very difficult to crack anyway... With WPA/TKIP, using more characters helps since that has already been compromised.

Make sure that your devices support 63 characters.

Here is a link that talks about WPA-PSK:

http://blogs.zdnet.com/Ou/?p=127

If your only choice is to use PSK, then WPA2/AES. If you have a RADIUS server, then it would be better to use 802.1x or WPA2-Enterprise as it is called in some software.

-Scott
*** Please rate helpful posts ***
Silver

Re: WPA2\AES and PSK

As far as the security algorithm itself is concerned, a very long, random PSK is extremely secure.

However, there are human factor issues that come into play: that long PSK has to be written down somewhere and that location must be kept secure; the number of people who have access to the key must be limited and all of them must carefully maintain the security of the key; if the key is compromised you must manually change the keys on all clients; etc.

Another issue is that with a PSK you have no way to map a given wireless connection to any individual user, as you would with 802.1X. So if an EAP account is compromised you at least know who to yell at, whereas if your key is compromised you have no clue.

Nobody's going to crack a 63-character passphrase using over-the-air tools. But they won't bother. They'll just find a way to get into your helpdesk office and take a picture of the whiteboard where it's written down.
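An added example, not part of the thread: how a WPA2-Personal passphrase becomes the 256-bit pairwise master key, and how much of a 63-character random passphrase that key can actually use. It assumes the standard derivation (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations); the function names are hypothetical, and "password"/"IEEE" is the published IEEE 802.11i test vector.

```python
import hashlib
import math
import secrets
import string

# WPA2-Personal passphrases are 8 to 63 printable ASCII characters (0x20-0x7E).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)

def random_passphrase(length: int = 63) -> str:
    """Uniformly random passphrase drawn from a CSPRNG, not from a human."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8 to 63")
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))

def entropy_bits(length: int) -> float:
    """Entropy of a uniformly random passphrase of the given length."""
    return length * math.log2(len(PRINTABLE))

def effective_bits(length: int) -> float:
    """The PMK is 256 bits, so entropy beyond that adds no key strength."""
    return min(entropy_bits(length), 256.0)

def min_length_for_bits(bits: int) -> int:
    """Shortest random passphrase whose entropy reaches the requested bits."""
    return math.ceil(bits / math.log2(len(PRINTABLE)))

if __name__ == "__main__":
    # Constructed sample values: the SSID below is a placeholder.
    pw = random_passphrase()
    print("PMK:", derive_pmk(pw, "example-ssid").hex())
    for n in (8, 20, 39, 63):
        print(n, "chars:", round(entropy_bits(n), 1), "bits raw,",
              round(effective_bits(n), 1), "bits usable")
```

Because the SSID is the salt, the same passphrase yields a different key on each network name, and the entropy figures hold only for passphrases generated at random.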

New Member

Re: WPA2\AES and PSK

Hi,

If this system will work with MS WZC supplicants, an easy way to get the PSK is to extract it from the Windows registry.

Cheers
