Mark Lanctot wrote: > Well yes, password size matters, but I was referring to AES's more > advanced encryption than TKIP. > > Since TKIP hasn't been broken yet, AES is overkill - but still, it > costs nothing in terms of time and money to implement, so I did it. >
The main risk at the moment is using brute force to crack the keys. Using a short password or one from a dictionary is just as big a problem with AES as with TKIP. That's also the attack against WEP, except that in this case some stupidities in the protocol implementation make it a lot easier. But it's not very difficult to make an insecure implementation of AES encryption. Regards, Peter _______________________________________________ discuss mailing list discuss@lists.slimdevices.com http://lists.slimdevices.com/lists/listinfo/discuss