Still frustrated that open Wi-Fi doesn't do a Diffie-Hellman round to defeat passive attackers.
And that WPA-PSK doesn't use a proper PAKE to make the password uncrackable and useless to passive attackers.
#petpeeves
Replying to @FiloSottile
To do that, would Wifi need to give each user their own virtual segment/broadcast-domain? Because Ethernet peers need to share keys anyway. That'd be neat to see! Good for public access points. Not so good if you want a Sonos/Airplay/Printer/Fileshare to work though.
2 replies 0 retweets 1 like -
Replying to @colmmacc @FiloSottile
No inherent reason. If so it would just be bad design tradeoffs.
1 reply 0 retweets 0 likes -
Replying to @RichFelker @FiloSottile
I think there is an inherent reason: wifi is multi-party, but DH is two party. There are multi-party DH algs, but nothing that isn't O(N^2) or multi-round. Though I guess DH could be used to exchange an envelope key for the shared medium key.
1 reply 0 retweets 0 likes -
Replying to @colmmacc @FiloSottile
I don't count "wifi is..." as inherent. Of course bcast could have all gone thru AP. But better approach is just having AP issue shared key for bcast.
1 reply 0 retweets 1 like -
Replying to @RichFelker @FiloSottile
Wifi also supports multiple APs and extenders; all of these have to share keys as you roam or flip between APs and deal with partitions. There's also Wifi Direct, where the devices communicate p2p, not via the AP. It's all a pretty tough design challenge for DH!
2 replies 0 retweets 1 like
Totally doable to have a DH and Forward Secret wireless networking technology, and maybe it's beyond time, but I doubt it'd be an evolution of wifi. Probably a different standard with different behaviors, and more like a VPN at the network level.