-
Windows no longer obstructs my view.
Using Kubuntu Linux since March 23, 2007.
"It is a capital mistake to theorize before one has data." - Sherlock Holmes -
I am not too concerned ,... yet.If setup correctly, WPA2 using pre-shared key (PSK) encryption keys can be very secure. Depending on which version is present on the wireless device it also has the advantage of using strong encryption based on either the temporal key integrity protocol (TKIP) or the more secure counter mode with cipher block chaining message authentication code protocol (CCMP). 256-bit encryption is available and a password can be an alphanumeric string with special characters up to 63 characters long.
Read more at: http://phys.org/news/2014-03-wpa2-wireless.html#jCpLast edited by Snowhog; Mar 21, 2014, 10:05 PM."A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962. -
-
Ah, a Faraday Cage! Good idea!Originally posted by oshunluvr View PostJust wrap your house in aluminum foil - like your hat!
LOL!"A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.”
– John F. Kennedy, February 26, 1962.Comment
-
I don't understand how that process results in a temporary backdoor, are they saying that the old key is sent in the clear (or in an easier to crack form) as part of the process, and it is still valid until the new session is established fully?However, it is the de-authentication step in the wireless setup that represents a much more accessible entry point for an intruder with the appropriate hacking tools. As part of their purported security protocols routers using WPA2 must reconnect and re-authenticate devices periodically and share a new key each time.
The team points out that the de-authentication step essentially leaves a backdoor unlocked albeit temporarily.Comment
-
Not exactly news. The Phys.org article misses a number of details. Similar near-breathless reporting is easily discoverable; see this example. Now check the comments in that article, and you'll learn that the technique "revealed" by the researchers is hardly novel. Brute force attacks using dictionaries is sooooooo duuulllllllllllll. Furthermore, the advice to use MAC filtering and to hide SSIDs is ludicrous.
Not to be outdone is Slashdot, claiming that this new "method" doesn't require brute force or dictionaries. That's laughable, because the researchers themselves state they "reveal[ed] the secret password by using the instance of the PSK and matching it with every record of the dictionary. For these experiments we used a very big dictionary that consisted of 666,696 standard printable ASCII character records of various lengths." This is the very essence of a dictionary-based brute force attack.
Ridonkulousness, folks. Move along.Comment
- Please do not use the CODE tag when pasting content that contains formatting (colored, bold, underline, italic, etc).
The CODE tag displays all content as plain text, including the formatting tags, making it difficult to read. - The following Topic Prefixes are designated for use in Community Cafe:
DS (Distribution Showdown) GN (Geek News) KLD (Kubuntu or Linux Discussion) TWC (The Water Cooler) KUT (Kubuntu User Testimony) NRD (Next Release Discussion)
While use is not required, doing so allows for efficient Filtering.
Comment