lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ec92bc30810102038xb258499t52de777927dc68ce@mail.gmail.com>
Date: Sat, 11 Oct 2008 09:08:56 +0530
From: "Anshuman G" <anshu.pg@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: WiFi is no longer a viable secure connection

---------- Forwarded message ----------
From: Anshuman G <anshu.pg@...il.com>
Date: Sat, Oct 11, 2008 at 9:08 AM
Subject: Re: [Full-disclosure] WiFi is no longer a viable secure connection
To: Cedric Blancher <blancher@...tel-securite.fr>


Hello,

I have turned off SSID broadcast and its pretty obscure, the password is
obscure too, its WPA personal, i think its impossible to crack/get in my
router without knowing SSID :D .

Regards,
Anshuman Gholap
System Administrator.


On Sat, Oct 11, 2008 at 9:03 AM, Cedric Blancher <
blancher@...tel-securite.fr> wrote:

> Le vendredi 10 octobre 2008 à 23:05 -0400, Valdis.Kletnieks@...edu a
> écrit :
> > You only need a botnet of several hundred gamer's boxes and you're at
> 10M.
>
> Sure. But one question remains: is it worth it ? Using a botnet to crack
> John Doe's PSK where you can just push password stealing malware on his
> box ?
>
> My problem with this kind of "announce" is that it seems to make people
> believe that cracking WPA/WPA2 is easy, just like WEP. But it is not,
> and really far from it. Maybe, or likely, some day, not that far away,
> someone will come up with a crypto or implementation flaw that will
> crush them down, but right now, it is not the case.
>
> So we stuck to a password guessing game. A game we play for years, with
> password hashing algorithms that we are *way* more efficient at cracking
> than a PBKDF2.
>
> I don't say we can't break PSK. I say that we suck at it with current
> implementations, even with a x100 performance increase.
>
>
> --
> http://sid.rstack.org/
> PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> >> Hi! I'm your friendly neighbourhood signature virus.
> >> Copy me to your signature file and help me spread!
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ