Thursday, February 14, 2019

WPA and Open System Authentication

Did you know that before you authenticate to your wireless network, it's using the same security mechanisms as open Wi-Fi?

With TLS, it's fairly well known how (most) cipher suites implement the Diffie-Hellman exchange to provide reasonably effective forward secrecy. ECC Diffie-Hellman has largely superseded RSA, but the underlying reason for implementing it remains the same: until you establish an encrypted session, confidentiality does not exist. The ultimate solution would be out-of-band exchanged pads, but that is technically infeasible. There will always be a compromise with sacrificial cipher exchanges to achieve forward secrecy.
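
The exchange described above, as an added example that is not part of the original post: two peers agree on a key over a channel that has no confidentiality yet, using a fresh secret per session. The modulus `P`, base `G`, and the names `Peer` and `run_session` are assumptions made for this illustration; real protocols use standardized groups or curves.

```python
import hashlib
import secrets

# Demonstration parameters chosen for this example (assumption): a known
# 255-bit prime and base 2, not a vetted Diffie-Hellman group.
P = 2**255 - 19
G = 2


class Peer:
    """One side of an ephemeral Diffie-Hellman exchange."""

    def __init__(self):
        # Fresh secret exponent for every session; it never leaves this object.
        self._secret = secrets.randbelow(P - 3) + 2
        # Public value, sent in the clear before any encryption exists.
        self.public = pow(G, self._secret, P)

    def session_key(self, peer_public):
        # Reject values that would force a predictable shared secret.
        if not 1 < peer_public < P - 1:
            raise ValueError("degenerate public value")
        shared = pow(peer_public, self._secret, P)
        key = hashlib.sha256(shared.to_bytes(32, "big")).digest()
        # Discard the exponent: a recording of this session cannot be
        # decrypted later from anything this peer still holds.
        self._secret = None
        return key


def run_session():
    """Run one exchange; return both derived keys and what crossed the wire."""
    client, server = Peer(), Peer()
    wire = {"p": P, "g": G, "A": client.public, "B": server.public}
    client_key = client.session_key(server.public)
    server_key = server.session_key(client.public)
    return client_key, server_key, wire


if __name__ == "__main__":
    k1c, k1s, wire1 = run_session()
    k2c, k2s, _ = run_session()
    print("session 1 keys match:", k1c == k1s)
    print("session 2 keys match:", k2c == k2s)
    print("sessions share a key:", k1c == k2c)
    print("visible to an observer:", sorted(wire1))
```

Only `p`, `g`, `A` and `B` are observable, and each session derives an unrelated key, which is the forward-secrecy property the paragraph refers to.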

This is a really helpful video that visually describes the Diffie-Hellman Exchange:
