15 Aug
2005
15 Aug
'05
11:03 p.m.
WPA-PSK isn't much better if you're not careful. WPA-PSK uses TKIP, which is an RC4 based algorithm, and easily bruteforceable if your key is small. The upshot is, if you're using WPA-PSK, make sure your key is a lot larger than 20 characters.
Agree - should have said that
Or you could set up WPA-RADIUS and 802.1x for dynamic per-port keying, which fixes a lot of the issues. Some instances of WPA will use AES, although this isn't part of the original WPA specification. WPA2 "fixes" these problems as it uses AES.
Is there a WPA2-PSK? WPA-Radius is much better but you have to set up a Radius server as well which makes it more work but is definitely needed if you have more than a handful of machines. Ian