The IETF 78 LAN is using 802.1X (w/EAP) for authentication. The
wpacracker only works if the AP is doing PSK authentication.

  These things seem to get propagated because people punt the hard
problems with statements like "well the PSK is required to be a
uniformly random 128 bit string and if you don't configure it that
way it's your own damned fault." And IETF is not blameless in this

  But to answer your other question, this is being addressed in IEEE
802.11 by adding another PSK-based authentication technique using a
zero knowledge proof. Coming soon to an AP near you!


On Tue, July 27, 2010 8:08 am, Phillip Hallam-Baker wrote:
> Will hack for food gets more professional. Anyone want to try it out
> for me on the IETF 78 LAN?
> It seems doubtful to me that this would work against a really well
> deployed network. But the fact that WPA2 can be deployed in dufus
> configuration should be considered a major protocol flaw. WPA2 was
> after all the fourth attempt the group made at making the protocol
> secure.
> It is not at all clear to me what level of expertise is required to do
> the job right or how to be confident that it is done right.
> The endpoints used in these protocols all have the ability to perform
> public key cryptography at acceptable speeds. Even if they did not,
> the price of 64Mb of flash memory is negligible these days and that is
> sufficient to store more than enough keys to maintain tens of
> thousands of session keys in the access point.
> We have the resources and the technology to do the job right. Why do
> we keep doing half measures that we know are wrong?
> I know this particular issue is an IEEE funeral, but isn't there a
> point where others decide to take responsibility?
> --
> Website:
> _______________________________________________
> Ietf mailing list

Ietf mailing list

Reply via email to