Open Source and information security mailing list archives
Message-Id: <1223695998.15193.42.camel@anduril.intranet.cartel-securite.net>
Date: Sat, 11 Oct 2008 05:33:18 +0200
From: Cedric Blancher <blancher@...tel-securite.fr>
To: Valdis.Kletnieks@...edu
Cc: Full-Disclosure mailing list <full-disclosure@...ts.grok.org.uk>
Subject: Re: WiFi is no longer a viable secure connection

On Friday, 10 October 2008 at 23:05 -0400, Valdis.Kletnieks@...edu wrote:
> You only need a botnet of several hundred gamer's boxes and you're at 10M.

Sure. But one question remains: is it worth it? Using a botnet to crack
John Doe's PSK where you can just push password stealing malware on his
box?

My problem with this kind of "announce" is that it seems to make people
believe that cracking WPA/WPA2 is easy, just like WEP. But it is not,
and really far from it. Maybe, or likely, some day, not that far away,
someone will come up with a crypto or implementation flaw that will
crush them down, but right now, it is not the case.

So we are stuck with a password guessing game. A game we have played for
years, with password hashing algorithms that we are *way* more efficient
at cracking than a PBKDF2.

I don't say we can't break PSK. I say that we suck at it with current
implementations, even with a x100 performance increase.


-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
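
Added example, not part of the original message: the WPA/WPA2 passphrase-to-PSK mapping the thread refers to (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), with the per-guess cost and a sizing estimate for choosing a passphrase. The function names are illustrative, and the guess rate passed to `years_to_exhaust` is an assumed parameter, not a measured figure.

```python
import hashlib

WPA_ITERATIONS = 4096  # fixed by IEEE 802.11i for the passphrase-to-PSK mapping
PMK_LEN = 32           # 256-bit pairwise master key


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 ASCII characters")
    # The SSID is the salt, so work done against one network name
    # cannot be reused against a network with a different name.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode(), WPA_ITERATIONS, PMK_LEN
    )


def hmac_calls_per_guess() -> int:
    """HMAC-SHA1 evaluations needed to test a single candidate passphrase."""
    # SHA-1 yields 20 bytes per PBKDF2 block, so a 32-byte key needs 2 blocks,
    # and each block costs one HMAC per iteration.
    blocks = -(-PMK_LEN // hashlib.sha1().digest_size)  # ceiling division
    return blocks * WPA_ITERATIONS


def years_to_exhaust(alphabet: int, length: int, guesses_per_sec: float) -> float:
    """Worst-case years to try every passphrase of this shape at the given rate."""
    seconds = alphabet ** length / guesses_per_sec
    return seconds / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # "password" with SSID "IEEE" is the test vector published in IEEE 802.11i.
    print("PMK:", wpa_psk("password", "IEEE").hex())
    print("HMAC-SHA1 calls per guess:", hmac_calls_per_guess())
    rate = 1e7  # assumed aggregate guesses per second
    for alphabet, length in [(26, 8), (62, 10), (62, 12)]:
        years = years_to_exhaust(alphabet, length, rate)
        print(f"{alphabet}^{length} at {rate:.0e}/s: {years:.3g} years")
```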
