first and foremost:
WPA2 does NOT prevent an adversary able to inject packets at you from
downgrading crypto to flawed RC4. due to odd forgotten legacy protocol
bits, every implementation of WPA2 that i have tested is vulnerable to
an active downgrade to TKIP/RC4 while still being WPA2 and still
Does anyone have a best practice options to use in use for self signed
certs with openssl?
I just noticed that default_md = md5 was in most examples and a
debian/ubuntu bug to up the default to sha1 and i think the best md
openssl supports is sha256. So I figured I'd see if anyone had made
some
On 9/15/14, coderman coder...@gmail.com wrote:
... every implementation of WPA2 that i have tested is vulnerable to
an active downgrade to TKIP/RC4 while still being WPA2 and still
showing all signs of using strongest security settings.
yes, this attack does require knowing the WPA passphrase
On 9/15/14, coderman coder...@gmail.com wrote:
...
yes, this is all for now. :)
i lied and one last clarification before day is done:
why do you care if this assumes knowledge of the pairwise master key?
a) my poc sucks; make a better one able to manipulate EAPOL frames without PMK!
b)