lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <86u13cjf1v.fsf@blue.stonehenge.com>
From: merlyn at stonehenge.com (Randal L. Schwartz)
Subject: TiVo Network Security

>>>>> "S" == S f Stover <attica@...ckheap.org> writes:

S> Another thing to keep in mind is that if you are good about
S> rotating your WEP keys, you'll be much more secure against casual
S> sniffers.  Maybe run airsnort (or equivalent) at home and when it
S> cracks the key, drop in another one.

S> Unless there's a different way of cracking WEP than duplicate/weak IVs, this
S> should put you in reasonable shape.

Well, if you're running WEP for the sole purpose of hiding TiVo data,
and then you run strong crypto over that for your normal data traffic,
and the only result of breaking wep is that someone can connect to
204.176.49/24, I really don't see the point of worrying too hard about
rotating the WEP key.

Let'em crack it!

Plus, the user interface for changing the WEP key on the TiVo requires
far too many up-down-left-right pushes for me.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@...nehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ