wpa2   336

« earlier    

Falling through the KRACKs – A Few Thoughts on Cryptographic Engineering | https://blog.cryptographyengineering.com/
The IEEE has been making a few small steps to ease this problem, but they’re hyper-timid incrementalist bullshit. There’s an IEEE program called GET that allows researchers to access certain standards (including 802.11) for free, but only after they’ve been public for six months — coincidentally, about the same time it takes for vendors to bake them irrevocably into their hardware and software.

This whole process is dumb and — in this specific case — probably just cost industry tens of millions of dollars. It should stop.

In the end we all know that the answer is for humans to stop doing this work. We need machine-assisted verification of protocols, preferably tied to the actual source code that implements them. This would ensure that the protocol actually does what it says, and that implementers don’t further screw it up, thus invalidating the security proof.
formalverification  security  crypto  wifi  wpa2  vulnerability  humanerror 
8 days ago by kme

« earlier    

related tags

2017  802.11i  802.1x  a:alex-hudson  aircrack  airodump  apple  ar2413  ar2414  article  atheros  attack  authentication  block  blog  bruteforce  bug  cartoon  cipher  cissp  comp3911  computer_security  connected_devices  crack  cracking  crypto  cryptography  cybersecurity  encryption  exploit  fail  formalverification  github  go  golang  hack  hacking  hashcat  hccap  hidden  hole  htc-krack  humanerror  ieee  ifttt  informatiebeveiliging  information-security  information  infosec  internet.of.shit  internet  internet_of_things  iot  key  keystream  krack  krak  michael  mode  network  networking  nsa  on:alex-hudson  onetimepad  pentesting  pocket  protocol  read  reinstallation  security  ssid  ssl  standard  standards  stream  test  theguardian  tls  tutorial  uh-oh  vernam  vulnerabilities  vulnerability  wi-fi  wifi  wireless-script  wireless  wlan  wpa  wpa2-krack  wpa2crack  wps 

Copy this bookmark: