[cryptography] RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4

first and foremost: WPA2 does NOT prevent an adversary able to inject packets at you from downgrading crypto to flawed RC4. due to odd forgotten legacy protocol bits, every implementation of WPA2 that i have tested is vulnerable to an active downgrade to TKIP/RC4 while still being WPA2 and still

[cryptography] best practice openssl.cnf

Does anyone have a best practice options to use in use for self signed certs with openssl? I just noticed that default_md = md5 was in most examples and a debian/ubuntu bug to up the default to sha1 and i think the best md openssl supports is sha256. So I figured I'd see if anyone had made some

Re: [cryptography] RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4

On 9/15/14, coderman coder...@gmail.com wrote: ... every implementation of WPA2 that i have tested is vulnerable to an active downgrade to TKIP/RC4 while still being WPA2 and still showing all signs of using strongest security settings. yes, this attack does require knowing the WPA passphrase

Re: [cryptography] RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4

On 9/15/14, coderman coder...@gmail.com wrote: ... yes, this is all for now. :) i lied and one last clarification before day is done: why do you care if this assumes knowledge of the pairwise master key? a) my poc sucks; make a better one able to manipulate EAPOL frames without PMK! b)