[OpenWireless Tech] ANYFI IS PROPRIETARY!
Alexander List
alex at list.priv.at
Wed Aug 14 19:59:22 PDT 2013
On 08/15/2013 01:48 AM, Björn Smedman wrote:
> Sure there are rainbow tables [5] and so on, but that's basically just
> more elaborate dictionary attacks. So as long as you have a random
> passphrase, with entropy somewhere in the span above, WPA-PSK still
> offers a reasonable level of security IMHO.
I doubt that.
Even though it might be cryptographically hard to decrypt the payload,
there is still a lot of metadata in the side channel that can be derived
from the WPA streams.
http://www.math.unipd.it/~conti/teaching/CNS1213/atpapers/Profiling/profiling.pdf
Unless you are padding all packets and obfuscate the timing as well
(which will lead to additional undesired latency and lower net
bandwidth), you are always revealing information.
Also, historic assumptions on the hardness of encryption do not hold,
because the difference between theory and practice was underestimated,
or more precisely, the theory was applied in an inadequate way.
http://web.mit.edu/newsoffice/2013/encryption-is-less-secure-than-we-thought-0814.html
I assume that we will see most networks considered "secure" today broken
in only a few years.
Alex
--
"Those who surrender freedom for security will not have, nor do they deserve, either one."
-- Benjamin Franklin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/tech/attachments/20130815/fd750503/attachment.html>
More information about the Tech
mailing list