On 06/22/2010 07:27 PM, Darr was caught red-handed while writing:: > On Tuesday, 22 June, 2010 @22:00 zulu, JD scribed: > > >> WPA2-PSK + AES : I thought it is not possible for inter-customer >> traffic to figure out the keys because once the connection is >> established, >> keys change dynamically per the protocol. Perhaps a an expert on the >> WPA2-PSK protocl can shed some light on this. >> > The unsecure part is, if left to their own devices people tend > to choose weak passwords. It really is that simple. > > If you choose a password that is a dictionary word or the name > of one of your kids/friends/pets, or a phone number, or a simple > sequence on the keyboard like 123456, 1234qwer, qwertyuiop, > et cetera, then AES can be 'cracked' using the dictionary method. > > If you choose a passphrase like 1a!B2@Cd3#4$efGH(56) it's > virtually uncrackable, Especially since there's a 1-minute xmit > timeout enforced when there have been 2 wrong PW tries in > 30 seconds. Even if they could make 3 guesses per second it > should take a couple hundred centuries to crack that passphrase. > > Even so, that does not mean you can decrypt another user's traffic, because you will n ot be able to find out the keys that were exchanged just before the client transmitted a packet, regardless of how weak the passphrase is when using AES. All clients will be using same passphrase anyhow (assuming we are still talking about using a public wifi hotspot, or even a workplace shared wifi router/gateway, which is set to accept only WPA2-PSK and AES encryption - no two clients will be in lock-step conversation with the gateway such that they exchange same keys with the gateway. So, inter-client traffic (which means that someone has some software on his/her machine, and has set his/her interface in promiscuous mode and is trapping packets from some particulat IP address. Good luck trying to decrypt them The Japanese team of scientists could not do it. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
