radish;156685 Wrote: > I know. The PRNG used to generate a WPA key has no need to be > cryptographically secure. I disagree, seeing as the encryption algorithm used by WPA (in my case) is AES.
> The difference between pseudo- and really-random numbers is only > exploitable if the attacker has some knowledge of the PRNG used and > ideally a large sample of output so they can predict sequential values. > In this example they don't have either, they have a stream which is > encrypted using a single value from the PRNG as key - that's not enough > to exploit the PRNG. I understand. > There's currently no known attack against WPA which is better than brute > force, and provided your key isn't in a dictionary then any value is as > good as any other (of the same entropy). What matters is that the key > you use is long enough and contains enough entropy, and isn't in any > dictionary (or isn't generatable based on a dictionary transformation). Attacks against AES are transferrable to WPA if you use AES instead of TKIP (AES is preferred). Bottom line: by not using a cryptographically secure key for AES encryption, you are increasing the chances of a successful brute-force attack. -- grimholtz 'Get PasswordMaker' (https://passwordmaker.org/) 'Get FoxyProxy' (http://foxyproxy.mozdev.org/) 'Read one of my books' (http://www.amazon.com/exec/obidos/tg/detail/-/1861005202/102-7541338-1644948) ------------------------------------------------------------------------ grimholtz's Profile: http://forums.slimdevices.com/member.php?userid=5235 View this thread: http://forums.slimdevices.com/showthread.php?t=29934 _______________________________________________ discuss mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/discuss
