[OpenWireless Tech] ANYFI IS PROPRIETARY!

Todd Freeman todd at chiwifi.net
Wed Aug 14 07:19:36 PDT 2013


Unless you can implement elliptic curve crypto. OpenSSL does support it, but on Red Hat/CentOS you need to recompile OpenSSL for ECDSA and ECDH support; Debian/Ubuntu comes with it by default now. That would not only solve your issue, but also catapult you to the top of the wifi game.


----- Original Message -----
From: "Todd Freeman" <todd at chiwifi.net>
To: "Björn Smedman" <bs at anyfi.net>
Cc: Tech at srv1.openwireless.org
Sent: Wednesday, August 14, 2013 9:16:21 AM
Subject: Re: [OpenWireless Tech] ANYFI IS PROPRIETARY!

WPA/WPA2 is good for wifi end points because the attacks against it would require a local user, thus it's mostly a non-issue that it is easy to break, simply because of how pointless it usually is. But to use that same method to cross the internet? Where it passes through many MANY points where MITM can originate. It was never meant to do what you are doing with it, because of this scenario. It's good enough security for a hotspot; it is not good enough to secure your traffic that is traversing tapped networks. Also, as amazing as the 256aes for wpa2 sounds, it's about 70 bits of security in real world application, and that is trivial to exploit. http://www.keylength.com/en/4/ Basically, if you wanted the amount of security you are assuming aes256 in wpa2 provides, you would need to be using 15MB keys; when using 2048-bit keys with aes256, it's really about 70 bits of security, not 256.

----- Original Message -----
From: "Björn Smedman" <bs at anyfi.net>
To: "Todd Freeman" <todd at chiwifi.net>
Cc: michi1 at michaelblizek.twilightparadox.com, Tech at srv1.openwireless.org
Sent: Wednesday, August 14, 2013 8:44:01 AM
Subject: Re: [OpenWireless Tech] ANYFI IS PROPRIETARY!

On Tue, Aug 13, 2013 at 7:55 PM, Todd Freeman <todd at chiwifi.net> wrote:
> I also just noticed, are you relying on WPA for your network security ?!

Do you have a general weakness in WPA that you would like to share
with the list?

There is nothing seriously wrong with the security of WPA itself. What
is known to be insecure, more specifically susceptible to dictionary
attack, is WPA-PSK with a weak passphrase. But even a passphrase of 8
random mixed case alphanumeric characters will be relatively secure.

And if you want more security there's nothing stopping you from
entering the full 256 bits of entropy into your PSK or configuring
EAP-TLS, both of which will arguably protect your communication even
against a nation state adversary.

Björn
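
The passphrase-strength figures discussed in this thread can be checked with the following added example, which is not part of the original messages. It uses the standard WPA/WPA2-PSK passphrase-to-key mapping (PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output); the function names and the 62-symbol alphabet are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

# Assumed alphabet: mixed-case letters plus digits (62 symbols).
ALPHANUM = string.ascii_letters + string.digits


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Map a WPA/WPA2 passphrase and SSID to the 256-bit PSK."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def random_passphrase_bits(length: int, alphabet_size: int = len(ALPHANUM)) -> float:
    """Entropy of a passphrase whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def chars_needed(target_bits: int, alphabet_size: int = len(ALPHANUM)) -> int:
    """Shortest uniformly random passphrase carrying at least target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def new_passphrase(length: int) -> str:
    """Generate a random passphrase from a CSPRNG."""
    return "".join(secrets.choice(ALPHANUM) for _ in range(length))


def new_raw_psk_hex() -> str:
    """Full 256-bit PSK as 64 hex digits, bypassing the passphrase mapping."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    print("8 random alphanumeric chars: %.1f bits" % random_passphrase_bits(8))
    print("chars needed for 256 bits:  ", chars_needed(256))
    pw = new_passphrase(chars_needed(256))
    # "ExampleSSID" is a constructed sample value.
    print("derived PSK:", derive_psk(pw, "ExampleSSID").hex())
    print("raw PSK:    ", new_raw_psk_hex())
```

The entropy figure only holds for characters drawn uniformly at random; a human-chosen passphrase of the same length carries less.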