Dell AP-93 Network Card User Manual


 
34
Authentication
Mechanism
Mechanism Strength
Wireless Client
WPA2-PSK
(Wireless Client
role)
For WPA2-PSK there are at least 95^16 (=4.4 x 10^31) possible
combinations. In order to test a guessed key, the attacker must complete the
4-way handshake with the AP. Prior to completing the 4-way handshake, the
attacker must complete the 802.11 association process. That process involves
the following packet exchange:
Attacker sends Authentication request (at least 34 bytes)
AP sends Authentication response (at least 34 bytes)
Attacker sends Associate Request (at least 36 bytes)
AP sends Associate Response (at least 36 bytes)
Total bytes sent: at least 140. Note that since we do not include the actual 4-
way handshake, this is less than half the bytes that would actually be sent, so
the numbers we derive will absolutely bound the answer.
The theoretical bandwidth limit for IEEE 802.11n is 300Mbit, which is
37,500,000 bytes/sec. In the real world, actual throughput is significantly less
than this, but we will use this idealized number to ensure that our estimate is
very conservative.
This means that the maximum number of associations (assume no delays, no
inter-frame gaps) that could be completed is less than 37,500,000/214 =
267,857 per second, or 16,071,429 associations per minute. This means that
an attacker could certainly not try more than this many keys per second (it
would actually be MUCH less, due to the added overhead of the 4-way
handshake in each case), and the probability of a successful attack in any 60
second interval MUST be less than 16,071,429/(4.4 x 10^31), or roughly 1 in
10^25, which is much less than 1 in 10^5.
Mesh AP WPA2
PSK (User role)
Same as Wireless Client WPA2-PSK above
RSA Certificate
based authentication
(CO role)
The module supports RSA 1024 bit keys and 2048-bit RSA keys. RSA 1024
bit keys correspond to 80 bits of security. The probability of a successful
random attempt is 1/(2^80), which is less than 1/1,000,000. The probability of
a success with multiple consecutive attempts in a one-minute period is less
than 1/100,000.