On 08/15/2013 01:48 AM, Björn Smedman wrote:
> Sure there are rainbow tables [5] and so on, but that's basically just
> more elaborate dictionary attacks. So as long as you have a random
> passphrase, with entropy somewhere in the span above, WPA-PSK still
> offers a reasonable level of security IMHO.

I doubt that.
Even though it might be cryptographically hard to decrypt the payload, there is still a lot of metadata in the side channel that can be derived from the WPA streams.

http://www.math.unipd.it/~conti/teaching/CNS1213/atpapers/Profiling/profiling.pdf

Unless you are padding all packets and obfuscating the timing as well (which will lead to additional undesired latency and lower net bandwidth), you are always revealing information.

Also, historic assumptions on the hardness of encryption do not hold, because the difference between theory and practice was underestimated, or more precisely, the theory was applied in an inadequate way.

http://web.mit.edu/newsoffice/2013/encryption-is-less-secure-than-we-thought-0814.html

I assume that we will see most networks considered "secure" today broken in only a few years.

Alex

--
"Those who surrender freedom for security will not have, nor do they deserve, either one." -- Benjamin Franklin
_______________________________________________ Tech mailing list [email protected] https://srv1.openwireless.org/mailman/listinfo/tech
