Re: ALERT: WPA isn't necessarily secure

On Thu, 07 Dec 2006 11:50:14 -0600, Peabody
<waybackNO784SPAM44@yahoo.com> wrote in
<qvYdh.26484$f25.9301@newsfe17.lga>:
>decaturtxcowboy says...
>
> >> "totally random"
>
> > If any hardware device generates it, it's not random. An
> > exception would be using the noise pulses off of a
> > backward biased Zener diode as a code generator.
>
>In one of his podcasts he said that he subscribes to a
>service provided by RSA Security, which I assume provides
>the values he uses in real time.
"And pigs have wings."
$5 says you can't find any such service from RSA.
>I'm the OP on the Gibson part of this, and I didn't intend
>to start a big argument. The idea was just to point out
>that you don't have to use recognizable words in the
>passphrase, or a passphrase that you can remember, but that
>instead it could be any sequence of printable characters.
>You can put that into a file which you burn to a CDR, and
>copy/paste from that to set up the other computers.
Bad idea, since the CD-R then becomes a security weakness.
If you must use a device, go with a USB drive instead, and
*securely* erase it afterward. Or at least a CD-RW,
*securely* erased, *not* just quick erased.
>Those who don't trust Gibson's phrases could re-arrange
>them,
Won't help. "Just say no." Use something else that's better.
>or just make one up,
Bad idea, since that greatly reduces key entropy.
>or maybe let your cat walk around
>on the keyboard and select any 63 characters he/she
>produces.
Hard to say if that would actually be good or bad.
What do you have against dice?
>In any event, 63 characters of un-intelligible
>non-rememberable garbage is gonna give you a pretty strong
>passphrase.
Not necessarily. Security is *HARD*, and not at all intuitive,
even to many experts.
>Well, unless the brute-force crack starts at or near the
>right place. I mean, the cracker could get lucky. But if
>he doesn't, then we could reserve a table at The Restaurant
>at the End of the Universe, and sip on some fine pinot noir
>until the crack completes. Ok, maybe not that long, but
>long enough.
That's dangerously naive.
--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
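
The dice suggestion in the post above, as an added example that is not part of the original post: it turns fair six-sided die rolls into a 63-character passphrase over printable ASCII, discarding roll groups that would bias the result. The function names and the three-rolls-per-character scheme are assumptions of this example.

```python
import math
import secrets

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters (0x20-0x7E).
ALPHABET = [chr(c) for c in range(0x20, 0x7F)]      # 95 symbols
ROLLS_PER_CHAR = 3                                  # 6**3 = 216 equally likely values
LIMIT = (6 ** ROLLS_PER_CHAR // 95) * 95            # 190: values >= 190 are rejected


def dice_to_passphrase(rolls, length=63):
    """Map fair d6 rolls (ints 1..6) to a passphrase without modulo bias."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrase length must be 8..63")
    rolls = list(rolls)
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("each roll must be an integer from 1 to 6")
    out = []
    for i in range(0, len(rolls) - ROLLS_PER_CHAR + 1, ROLLS_PER_CHAR):
        a, b, c = rolls[i:i + ROLLS_PER_CHAR]
        value = (a - 1) * 36 + (b - 1) * 6 + (c - 1)  # uniform in 0..215
        if value >= LIMIT:
            continue  # 190..215 would favour the first 26 symbols; re-roll
        out.append(ALPHABET[value % 95])
        if len(out) == length:
            return "".join(out)
    raise ValueError("not enough rolls; about 12% of groups are rejected")


def entropy_bits(length=63):
    """Entropy of a uniformly random passphrase of this length, in bits."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    # Constructed input: the OS CSPRNG stands in for physical dice here.
    simulated = [secrets.randbelow(6) + 1 for _ in range(300)]
    print(dice_to_passphrase(simulated))
    print(f"{entropy_bits():.1f} bits")
```
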