home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   alt.comp.os.windows-11      Steaming pile of horseshit Windows 11      4,852 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 4,113 of 4,852   
   Maria Sophia to Mr. Man-wai Chang   
   Re: Windows 10 and 11 power state habits   
   27 Jan 26 12:29:37   
   
   XPost: alt.comp.os.windows-10, alt.comp.microsoft.windows   
   From: mariasophia@comprehension.com   
      
   Mr. Man-wai Chang wrote:   
   > Most wirelss security is based on just a password, which is vulnerable   
   > to dictionary hack. Turning OFF your wireles devices can at least make   
   > it harder for the hack. You should also be careful with hackers   
   > injecting fake digital footprints via your wireless devices while you   
   > are sleeping or having a walk away from home.   
      
   Most people have no clue of what I am imparting to the team below, IMHO...   
    *WPA2 has a long-standing design flaw in how it derives its keys*   
      
   It is not just the password. The SSID is part of the WPA2 key derivation   
   process in addition to the password. Anyone who doesn't know this, will be   
   under a false sense of security because they can't protect against it then.   
      
   WPA2-PSK derives its key material from two things. '   
    1. The password is the input to the key stretching function, and   
    2. the SSID is the salt.   
      
   Both are combined to produce the Pairwise Master Key.   
      
   Because the SSID is often common or guessable, combined with dictionary   
   passwords, attackers can build large precomputed tables for those SSIDs.   
      
   This does not break WPA2 by itself, but it makes weak or pattern-based   
   passwords combined with common SSID names vastly easier to attack.   
      
   The design of WPA2-PSK is the issue people need to be aware of.   
      
   To be clear, these online tables to not break WPA2 by itself, but   
   it means that any common SSID combined with a dictionary password is far   
   easier to attack than most people realize. The weakness is in the   
   design of WPA2, not in the access point or the client device.   
      
   There is a reason all my SSIDs are "unique" in as far as I can make them.   
   --   
   On Usenet, we can combine the vast knowledge of many people together.   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca