Slashdot Mirror


New Wireless Security Standard Has Old Problem?

eggboard writes "Wireless security expert Robert Moskowitz, who sits on IEEE and IETF committees on that subject, sent me a short paper on a glaring weakness in the Wi-Fi Protected Access (WPA) protocol that's replacing the weak and broken WEP system well discussed here at Slashdot. His paper, which I've posted here, proves definitively that while WPA itself remains robust and secure, the interface for choosing consumer passwords makes it simple to snarf a tiny bit of network traffic and perform an offline dictionary attack. For Slashdot readers, this probably seems trivial, but because Linksys, Apple, and others are letting users enter My Dog Has Fleas as their passphrase, WPA might be less secure for home users than WEP."

5 of 249 comments

  1. Oh, thanks. by Anonymous Coward · Score: 5, Funny

    Way to tell everybody my password.

    Man, now I have to change it.

  2. Re:My Dog Has Fleas? by Tumbleweed · Score: 4, Funny

    Yeah, but what if your dog doesn't HAVE fleas? Or if you don't even have a dog? Then your security is based on nothing but LIES! And how secure can THAT be? Think before you ask these questions, Mitch.

  3. What's that? by dswensen · Score: 5, Funny

    perform an offline dictionary attack

    What, you sneak up behind the sysadmin and brain him with a copy of Webster's?

  4. Re:My Dog Has Fleas? by stefanlasiewski · Score: 5, Funny

    My Dog Has Fleas is a positively fantastic password compared to the usual choice of a middle name, spouse's name, child's name or birthdate.

    Well, not really.

    Using your child's name for a password is a million times more secure than posting it on Slashdot :)

    And with the Slashdot crowd, maybe someone really does have a kid named "j3Nn!f3r". What could be more secure than that? It's so secure that those poor kindergarteners can't even pronounce it!!!

    --
    "Can of worms? The can is open... the worms are everywhere."

  5. Re:My Dog Has Fleas? by Chops · Score: 4, Funny

    Once I noticed that an acquaintance of mine's Win2k machine had no password on the "Administrator" account. I began to lecture him on the dangers of SMB, C$, and such, and the fact that his machine was basically freely usable by anyone who had (a) the internet and (b) some semblance of clue and maliciousness.

    He laughed and said, "Yeah, but who would think that the administrator account wouldn't have a password?"

    I gave up and said no more.