Re: WiFi security (was wifi access from laptop to starbucks wifi)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 06/22/2010 07:27 PM, Darr was caught red-handed while writing::
> On Tuesday, 22 June, 2010 @22:00 zulu, JD scribed:
>
>    
>> WPA2-PSK + AES : I thought it is not possible for inter-customer
>> traffic to figure out the keys because once the connection is
>> established,
>> keys change dynamically per the protocol. Perhaps a an expert on the
>> WPA2-PSK protocl can shed some light on this.
>>      
> The unsecure part is, if left to their own devices people tend
> to choose weak passwords. It really is that simple.
>
> If you choose a password that is a dictionary word or the name
> of one of your kids/friends/pets, or a phone number, or a simple
> sequence on the keyboard like 123456, 1234qwer, qwertyuiop,
> et cetera, then AES can be 'cracked' using the dictionary method.
>
> If you choose a passphrase like 1a!B2@Cd3#4$efGH(56) it's
> virtually uncrackable, Especially since there's a 1-minute xmit
> timeout enforced when there have been 2 wrong PW tries in
> 30 seconds. Even if they could make 3 guesses per second it
> should take a couple hundred centuries to crack that passphrase.
>
>    
Even so, that does not mean you can decrypt another user's traffic,
because you will n ot be able to find out the keys that were exchanged just
before the client transmitted a packet, regardless of how
weak the passphrase is when using AES.
All clients will be using same passphrase anyhow (assuming we
are still talking about using a public wifi hotspot, or
even a workplace shared wifi router/gateway, which is set
to accept only WPA2-PSK and AES encryption - no two
clients will be in lock-step conversation with the gateway
such that they exchange same keys with the gateway.
So, inter-client traffic (which means that someone has
some software on his/her machine, and has set his/her
interface in promiscuous mode and is trapping packets from
some particulat IP address. Good luck trying to decrypt them
The Japanese team of scientists could not do it.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux