> > Taking the "where is the WiFi with this particular BSSID" example but > > assuming the attacker has little information about its location, in order > > to brute-force the hash one would need to try each and every possible > > bounding box. Staying with the 1�1km box size, the number of hashes to > > calculate would amount to: > > Assuming the BSSID is still in NA, it would take about 3 minutes. An hour to > find it anywhere in the world.
This would, of course, depend on the grid size and hash algorithm used. But thanks for pointing out the processing time issue. Assuming we have tweaked the parameters so that it takes a second to find a particular WiFi in a 1 km² area, the same operation in a 250,000 km² search area (approximately the size of the UK) would take about a month. That may be still not be prohibitive, and a further increase in processing time might slow down legitimate uses beyond feasible limits. _______________________________________________ dev-geolocation mailing list [email protected] https://lists.mozilla.org/listinfo/dev-geolocation
