Falling through the KRACKs – A Few Thoughts on Cryptographic Engineering | https://blog.cryptographyengineering.com/
8 days ago by kme
formalverification security crypto wifi wpa2 vulnerability humanerror
The IEEE has been making a few small steps to ease this problem, but they’re hyper-timid incrementalist bullshit. There’s an IEEE program called GET that allows researchers to access certain standards (including 802.11) for free, but only after they’ve been public for six months — coincidentally, about the same time it takes for vendors to bake them irrevocably into their hardware and software.
This whole process is dumb and — in this specific case — probably just cost industry tens of millions of dollars. It should stop.
In the end we all know that the answer is for humans to stop doing this work. We need machine-assisted verification of protocols, preferably tied to the actual source code that implements them. This would ensure that the protocol actually does what it says, and that implementers don’t further screw it up, thus invalidating the security proof.