@radioctiveeucom @SwiftOnSecurity That doesn't cover the protocol flaw that makes it possible, though. That's what I was interested in.
Replying to @RichFelker
@RichFelker @SwiftOnSecurity @radioctiveeucom it's even in the RFC http://tools.ietf.org/html/rfc4764#section-8.10 … no DH is involved
Replying to @khaxan
@khaxan @SwiftOnSecurity @radioctiveeucom See 1.1p4: ..."WPA-PSK". EAP-PSK is distinct from these protocols & should not be confused w/them
Replying to @RichFelker
@RichFelker @SwiftOnSecurity @radioctiveeucom you're correct, but WPA2 uses same method to derive the key
Replying to @khaxan
@khaxan @SwiftOnSecurity @radioctiveeucom OK so apparently there's a lack of DH too. Lovely.
Replying to @RichFelker
@RichFelker @SwiftOnSecurity @radioctiveeucom indeed, only way around this is a mix of certificates and an external auth source AFAIK
Replying to @khaxan
@khaxan @SwiftOnSecurity @radioctiveeucom All this makes me think the designers of WPA did not understand the threat model. :(
Replying to @RichFelker
@khaxan @SwiftOnSecurity @radioctiveeucom Active attacks are much more detectable, so precluding passive attacks is valuable in itself.
@khaxan @SwiftOnSecurity @radioctiveeucom And "poster on the wall with AP key fingerprint" makes an easy external auth source.