| Authentication Mechanism | Mechanism Strength |
|---|---|
| Wireless Client (Wireless Client Role) | For |
| | combinations. In order to test a guessed key, the attacker must complete the 802.11 association process. That process involves the following packet exchange: |
| | ∙ Attacker sends Authentication request (at least 34 bytes) |
| | ∙ AP sends Authentication response (at least 34 bytes) |
| | ∙ Attacker sends Associate Request (at least 36 bytes) |
| | ∙ AP sends Associate Response (at least 36 bytes) |
| | Total bytes sent: at least 140. Note that since we do not include the actual 4-way handshake, this is less than half the bytes that would actually be sent, so the numbers we derive will absolutely bound the answer. |
| | The theoretical bandwidth limit for IEEE 802.11n is 300Mbit, which is 37,500,000 bytes/sec. In the real world, actual throughput is significantly less than this, but we will use this idealized number to ensure that our estimate is very conservative. |
| | This means that the maximum number of associations (assume no delays, no |
| | 267,857 per second, or 16,071,429 associations per minute. This means that an attacker could certainly not try more than this many keys per second (it would actually be MUCH less, due to the added overhead of the handshake in each case), and the probability of a successful attack in any 60 second interval MUST be less than 16,071,429/(4.4 x 10^31), or roughly 1 in 10^25, which is much less than 1 in 10^5. |
| Mesh AP WPA2 PSK (User role) | Same as Wireless Client |
| Certificate based authentication key pair (CO role) | The module supports RSA |
| | equivalent strength. The probability of a successful random attempt is 1/(2^112), which is less than 1/1,000,000. The probability of a success with multiple consecutive attempts in a |
| | is less than 1/100,000. |
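
The bound derived in the Wireless Client row, carried through with exact fractions; this is an added example, not part of the original security policy. The frame sizes, link rate, key space and 1/100,000 limit are the table's own figures, while the function names and the `min_keyspace` helper (which generalizes the check to other key spaces and link rates) are assumptions made for illustration.

```python
import math
from fractions import Fraction

# Figures taken from the table above.
FRAME_BYTES = (34, 34, 36, 36)           # auth req/resp, assoc req/resp (minimum sizes)
LINK_BYTES_PER_SEC = 37_500_000          # idealized 802.11n limit (300 Mbit)
KEYSPACE = 44 * 10**30                   # 4.4 x 10^31 possible keys
PER_MINUTE_LIMIT = Fraction(1, 100_000)  # the "1 in 10^5" threshold


def attempts_per_minute(link_bytes_per_sec=LINK_BYTES_PER_SEC, frames=FRAME_BYTES):
    """Upper bound on guesses per minute: each guess costs one full exchange."""
    return Fraction(link_bytes_per_sec * 60, sum(frames))


def success_bound(attempts, keyspace=KEYSPACE):
    """Union bound: at most `attempts` distinct keys tried out of `keyspace`."""
    return min(Fraction(1), Fraction(attempts) / keyspace)


def meets_limit(attempts, keyspace=KEYSPACE, limit=PER_MINUTE_LIMIT):
    """True when the per-minute success probability is strictly below `limit`."""
    return success_bound(attempts, keyspace) < limit


def min_keyspace(attempts, limit=PER_MINUTE_LIMIT):
    """Smallest integer key space for which the bound stays below `limit`."""
    return math.floor(Fraction(attempts) / limit) + 1


if __name__ == "__main__":
    per_min = attempts_per_minute()
    print("attempts/sec (bound):", round(per_min / 60))
    print("attempts/min (bound):", round(per_min))
    print("success bound/min   : %.3e" % float(success_bound(per_min)))
    print("meets 1/100,000     :", meets_limit(per_min))
    print("min key space needed:", min_keyspace(per_min))
    # Larger per-guess cost (hypothetical 280 bytes) only lowers the bound.
    print("with 280 B per guess:", round(attempts_per_minute(frames=(280,))))
```

Because every input is a parameter, the same functions can recheck the claim for a different link rate or a larger per-guess byte count.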