WPA2 Wireless Security Crackable WIth "Relative Ease"

An anonymous reader writes "Achilleas Tsitroulis of Brunel University, UK, Dimitris Lampoudis of the University of Macedonia, Greece and Emmanuel Tsekleves of Lancaster University, UK, have investigated the vulnerabilities in WPA2 and present its weakness. They say that this wireless security system might now be breached with relative ease [original, paywalled paper] by a malicious attack on a network. They suggest that it is now a matter of urgency that security experts and programmers work together to remove the vulnerabilities in WPA2 in order to bolster its security or to develop alternative protocols to keep our wireless networks safe from hackers and malware."

this is not news

This sounds like the classic de-auth, handshake capture, then brute force attack.

It's still a bitch to crack without G.O. resources. Moxie has a service that will try for you...

Re:this is not news

Interesting that you could come to the conclusion that this is obvious only six minutes after the story was posted.

Re:this is not news

[anubi]

I think of it as this way. We know our stuff is getting snooped and hacked into. Its high time EVERYBODY knows this stuff is NOT private.

This forum, along with all the other times this has been discussed here on Slashdot, as well as other technical forums, provides evidence that may be one day very useful in a court of law if some copyright holder tries to prove an illegal download took place. If it took place through a wireless network, can it be proven who the recipient of the illegal download was?

We can whine and complain all we want, but if business finds it cheaper to simply include hold harmless clauses in their terms than to provide a robust product, they will do so, but in doing so, they have also removed surety of proof of download for the high and mighty MAFIAA.

The Copyright industry has spent millions of dollars to pamper Congressmen to pass law to make sure no-one can listen to a song unless terms of endearment are complied with... now they are finding out they just put a multimillion dollar lock on a cardboard door.

We do not have the money it takes to pay for Congressmen. The copyright people seem to have unlimited money. Money to hire lots of lawyers and send lots of threat letters. Those letters will be ineffective as long as we have insecure systems and no-one can prove a thing. We may have a problem with insecure systems, and the MAFIAA has a hell of a problem.

This kind of stuff gives everyone and his brother plausible deniability, which now means a total lack of accountability for online activity.

Re:this is not news

[SuperTechnoNerd]

Does this mean I don't have to lock the doors on my house when I go out anymore?

Re:this is not news

That you are ignorant of a method's widespread use and common knowledge, does not serve as legitimate cause for you to project that ignorance onto others. This "hack" has been known for some time, arguably since the creation of the protocol, since it is central to the functionality of said protocol. The only development of any note is how much easier it has become in the interim to brute-force passwords, given advancements in CPU/GPU processing power/techniques.

Re:this is not news

[WillyWanker]

Yeah, exactly. Nothing to see here. Show it to me happening in real time with common easily obtainable equipment and maybe then you'll get my attention. But not with a lot of maybe's, perhaps, and coulds.

Re:this is not news

[AmiMoJo]

The problem is that most people use crap passwords. Too short, only alphanumeric with no special characters, a combination of dictionary words or common phrases etc. A GPU and a good dictionary can crack the majority of passwords in use today.

What we need to do is get away from passwords. WPS isn't so good but some routers support NFC for key exchange now, which seems ideal. If the attacker is within 2cm of the router already you have bigger problems.

Re:this is not news

[Neil+Boekend]

A combination of dictionary words can be a strong password. This does require a large password field, but WPA 2 seems to support 64 characters so that's covered.
A random set of dictionary words is easy to remember for a human and difficult to guess for a computer.
We need to get away from insane password rules.
1. A max length of below 32 characters is bullshit. Instead, set a minimum length of 16 characters and advise to use a few random words.
2. Requiring non-alpahnumeric characters seems safe, but it moves the passwords away from words, thus it moves it to a less useful password style. Besides, the attacker knows this rule. So he'll try a dictionary attack with o's replaced with zeroes and stuff like that.
3. ...
4. Profit. Or at least less losses from theft.

Face it. Most password rules do not create passwords that are easy to remember. They create passwords that are relatively easy to brute-force.

Re:this is not news

[AmiMoJo]

A combination of dictionary words can be a strong password.

Not any more: http://arstechnica.com/securit...

Combinator attacks will chew through any random combination of dictionary words pretty quickly. Length is irrelevant, only the number of words matters and typically it is quite low. In the XKCD example you linked to it is just four. For once XKCD gave out shockingly bad advice.

Re:this is not news

[david_thornley]

"Not any more" doesn't apply. It's no more difficult to do brute-force dictionary attacks than it has been.

However, brute-forcing a "correct horse battery staple" password (Munroe apparently was thinking of random selection from a 2K-word dictionary) does involve an average of 2^43 attempts, something over 8 trillion (best/worst case is double that). At a million tries per second, it would take well over a week. At a billion tries per second, that would take more than two hours. That's not about to stop somebody serious who's specifically targeting you, but somebody who's snarfed a hashed password list and is looking for quick passwords for accounts is very unlikely to take the resources. (Your bank or credit card company has had their password list copied by an intruder, and they're savvy enough to keep the hashes. The crackers are going to harvest the easy passwords and what they can get. Unless they have some particular reason to target you, they'll be content with the passwords that take up a few seconds each.)

It's better than the long uncommon word followed by a digit with some letters replaced by l33t-speak equivalents that Munroe uses for comparisons. It's easier to remember than anything else I've seen that's comparably easy to memorize. (Quotations are longer and relatively easy to memorize, but crackers specifically look for them, also, and there's not enough of them for security.) It's also easily extendable. Add two words. It's significantly harder to memorize now, but it increases time to crack by about four million, and that is enough to stop most enemies.

Re:this is not news

[TheRealLifeboy]

AC is such a pathetic louse with a small wheenie... And brain damaged too.

Eh...

Reads article...

Longer passwords make brute force cracking more difficult... Possible attack vector via the wireless de-authentication and re-authentication that WPA2 connections maintain for clients... With potential fast scanning and proper spoofing, an intruder could knife their way it...

Why does this feel like nothing new?

Re:Eh...

[MtViewGuy]

It could be fixed by upgrading the software used by routers and by client devices, but 1) everyone has to agree on an updated standard and 2) how are they going to do the upgrade for Android-based cellphones? (Easy to do on an Apple iOS device--just run an update to iOS itself.)

Re: Eh...

[a-zarkon!]

It undoubtedly will be fixed with adoption of an enhancement to the existing protocol or an entirely new protocol. We saw that with the evolution from WEP to WPA to WPA2. The challenges are that this will take time for a fix and new standard to be determined and the processing capability of the currently deployed wireless infrastructure. There is a fair likelihood that today's access point will not have enough horsepower to efficiently process the next generation authentication and encryption protocol. This means that there is a period of time where a known exploitable vulnerability exists and there is no fix available (time to determine the short and longer term fix + time for everyone to move to the new infrastructure supporting the new standard.) This is how it has always been with wireless, and probably how it always will be. It is similar to anti biotics, eventually resistant bacteria become prevalent, diminishing effectiveness and spurring the need to find new drugs. If we are smart, we have already been working quietly on WPA v3 and this will be announced shortly and adopted quickly when we reach the point that WPA 2 is demonstrably capable of being compromised by a savvy motivated individual vs. a govt funded team. In the meantime VPN always has been and remains a viable option for wireless security.

Re: Eh...

[MtViewGuy]

That's what I said about Number 1--everyone has to agree on a new variant of the WPA standard. That could take a while. Meanwhile, I use a 16 alphanumeric character randomized password that will be still very hard to crack by brute force.

Re:Eh...

[Neil+Boekend]

Call it WPA 3 (or WPA 2.5 if you don't feel the change warrants a major number change) and treat it like any other system.
If not all of your devices support WPA 3 you set the router to WPA 2 and "hope" nobody hacks you (not really hoping. It isn't an issue in most home applications).

keep our wireless networks safe from hackers...

[fustakrakich]

How do you keep something you never had?

Re:keep our wireless networks safe from hackers...

We don't have wireless networks?

Re:keep our wireless networks safe from hackers...

[Larryish]

No, we never had hackers. Duh.

it's bad enough with regular passwords

[ruebarb]

I already have to tell friends and family to use a alphanumeric password not based on a dictionary word - I was helping a friend find out why her wireless charges were so high, and using backtrack and some basic documentation - (knowing almost nothing about wireless security) - I was able to find out her wireless password based on the fact she was using a regular word in my dictionary list

wireless = never safe

Re:it's bad enough with regular passwords

[Mashiki]

You think that's bad? Wait until you run across the issue where your ISP doesn't even both to set up basic passwords on your wireless hub.

Re:it's bad enough with regular passwords

[fnj]

Use a long passphrase. Might I suggest battery horse correct staple?

You insensitive clod! You just blabbed my password. Now I'll have to change it to capacitor mule wrong nail.

Oh wait ...

Re:it's bad enough with regular passwords

A moderate-length (24+ chars) phrase will be way more secure than your random pattern of letters, numbers and characters, PLUS it's FAR easier to remember, thereby reducing the odds that the super-secure gobbledy-gook you forced them to invent wont just get written down on a piece of paper and stuck to the refrigerator door for every passer-by to read...

Oblig XKCD

-AC

Re:it's bad enough with regular passwords

[DarwinSurvivor]

You think that's bad? Wait until you run across the issue where your ISP doesn't even both to set up basic passwords on your wireless hub.

Ok, now I'm curious!

Re:it's bad enough with regular passwords

[jones_supa]

Well, as a network segment, wireless looks like a hub (all traffic reaches all clients).

Re:it's bad enough with regular passwords

[DarwinSurvivor]

touché

Re:it's bad enough with regular passwords

[SuricouRaven]

Except it doesn't, quite. Horizon problem: A is in range of the AP, B is in range of the AP, A and B are not in range of each other. If A sends a broadcast frame the AP will relay it so B can recieve it, but it doesn't do that for unicast packets for which it knows the recipient MAC address is on the wired side.

Re:it's bad enough with regular passwords

For a system where finding a written-down password is as difficult or easy for an attacker as getting physical access to the network, creating a long truly random password and writing it down really isn't such a bad idea. On the other hand, a phrase which is comprised of dictionary words, chosen by a human and "moderate length" according to your definition does not have enough entropy. Researchers found human-chosen four-word passphrases to have only about 20 bits of entropy. That's far less than a truly random 8 character password (which is also not sufficient).

Re:it's bad enough with regular passwords

[Rich0]

Heck, some ISPs probably still distribute wireless APs that only support WEP.

EAP?

[manu0601]

I understand this is about recovering the PSK. This would mean that authentication using a certificate, such as EAP-TTLS is still safe. Correct?

Re:EAP?

[skids]

Can't tell what exactly the paper is about due to a paywall and the fact that the article was written by someone not very techincal.

EAP-TTLS, as long as you are validating the server certificate, is pretty safe. Safer with a locally managed CA and installed client cert, but at least as safe as the web browsing you'll be doing on it after connecting anyway. The safety advantage to WPA-Enterprise over WPA-PSK is mainly due to the fact that you don't have to distribute the same easily-cloned PSK to every client. In addition, if installing and validating client certificates (not the usual mode for EAP-TTLS) they can be locked to specific user accounts. For keeping out the riff-raff they can be locked to MAC addresses as well but that only serves to ban the amateurs.

Re:EAP?

[WaffleMonster]

I understand this is about recovering the PSK. This would mean that authentication using a certificate, such as EAP-TTLS is still safe. Correct?

I would say in practice "enterprise" password authentication via TLS (PEAP-* and TTLS-*) is the least secure authentication method for the simple reason virtually no client is configured properly to validate both certificate and identity.

The end result TLS is effectively subject to MITM attack for the overwhelming majority of clients...leaving squishy inner PEAP/TTLS authentication protocol (all completely worthless)

In my view EAP-TLS with mutual certificate authentication is still the most secure authentication option available.

Stanford's SRP protocol would be awesome to protect WPA passwords I believe it could be implemented with minimal changes to existing TLS stacks ... simply do TLS-SRP via EAP-TLS EAP method instead of the cert auth ... you get secure password authentication without the offline attack vector, or having to implement a new EAP method from scratch.

Re:EAP?

[manu0601]

You mean that clients do not check proper certificate signature by the CA?

Re:EAP?

[WaffleMonster]

You mean that clients do not check proper certificate signature by the CA?

The main problem is not so much CA validation but lack of a global namespace.

When I type https://www.securesite.com/ into my browser the only certificates my browser accepts are the ones explicitly for www.securesite.com... certs for www.someothersite.com don't work.

With EAP authentication no such check is done automatically by default. To be secure the client must explicitly select a CA **AND** certificate identity (e.g. www.securesite.com) ... otherwise you might well be presented with a valid certificate.... yet you won't know if it is one legitimately assigned to an attacker. Attackers after all can buy SSL certs the same as you or I.

In too many cases the extra work is simply asking too much of the user... some mobile clients are not even able to provide necessary configuration options to secure it.

Re:EAP?

[MikeBabcock]

Importantly, this is also where we get into that root cert problem for companies that people complained about in a recent /. story because a lot of companies just use their own internal CA to authenticate the certs for both users and wireless devices which requires installing their root CAs on the machines and trusting them.

Re:EAP?

[manu0601]

Attackers after all can buy SSL certs the same as you or I.

But AFAIK, there is no preloaded CA for EAP. You install only the CA of your organization, which narrows the opportunities to have a valid certificate.

But indeed if someone steals any certificate you signed with the installed CA, an attack is possible. That advocates for using a sub-CA, or a dedicated CA just for EAP.

Re:EAP?

[Xylantiel]

I believe the problem is that the interface for this and the way warnings are handled is just horrible and inconsistent between clients.

For example, android requires yout to set a passcode in order to store the public certificate. That's right you need to lock your device so nobody can get access to that PUBLIC key. duh. Clearly you should have a passcode for a private key, but not a public one. I"m not sure if this has been straitened out or not. Also it's often not clear if you can say the equivalent of "trust the current certificate, and warn me if the network tries to give a different one". It typically asks you to manually load the certificate that the server can easily send to the client.

This doesn't even mention that generally the cert will be signed in a way that it can be verified through the same trust chain the web browser uses. While this isn't optimal, it's pretty decent in practice and could easily be implemented as an option.

Re:EAP?

[skids]

In my view EAP-TLS with mutual certificate authentication is still the most secure authentication option available.

You;re half right, but EAP-TLS doesn't have a password/account component, just the cert, so you are missing an authentication factor. If you're going through the trouble of actually making sure clients are running a secure supplicant to the point of making users add a client cert and a local CA trustpoint, just secure the settings on the TTLS/PEAP client and ban OSes like android that don't validate. Turn on verification of the client-side cert if you like, too.

Re:EAP?

[skids]

But AFAIK, there is no preloaded CA for EAP. You install only the CA of your organization, which narrows the opportunities to have a valid certificate.

Depends on your security requirements. Most OSes trust anything in the OS default trsuted CAs which includes most major CAs. If you're satisfied with the integrity of all the CAs in that list, you can buy a RADIUS server-side cert form them and the clients will trust it.

The problem comes in making sure the self-service user checks the box to perform the validation and also types in the expected owner name. By default most OSes do not validate this information so anyone with a stolen priate key from a CA-certified website can pose as your RADIUS server.

Now, for most OSes other than Android, this vulnerability only exists the first time a user connects to the network (or again whenever they delete the network manually) because the OS then takes the certificate it found and assumes it valid, but then will not accept any other certificate.

Android is a total slut about this and never validates, and the phone would have to be rooted just to be able to turn on validation. Word has it the newest version at least contains hooks that would allow a supplicant configurator to turn on validation, but I have yet to see an android that lets me type in an owner name. When even Apple is doing a better job at security than you, hang your head in shame.

Re:EAP?

[manu0601]

If one device has commercial CA configured, and it does not check the CN, this means that any certificate obtained from a valid CA can be used to highjack EAP. It looks like a rather severe vulnerability.

Re:EAP?

[WaffleMonster]

You;re half right, but EAP-TLS doesn't have a password/account component, just the cert, so you are missing an authentication factor.

Clients can ask user to provide a password to access/decrypt private key required to authenticate client to server. The "account" component is client identity (e.g. name of public key)

If you're going through the trouble of actually making sure clients are running a secure supplicant to the point of making users add a client cert and a local CA trustpoint

I've been pushing vendors for 10+ years for a usable solution and they don't seem to care.

All most people want is passwords without all the worry about brute force attacks. Users and Operators alike don't want to deal with certs at all ..there is no *good* reason they should have to.

Re:Expected

[skids]

Once quantum computing fully arrives, I guess encryption will be mostly moot.

Bad guess

so?

[the_Bionic_lemming]

Brute force attacks compromise simple passwords?

This is news?

It's kind of silly to worry about

[msobkow]

The only reason I encrypt my wifi connections is to prevent casual wanderers from connecting to my network and sucking up bandwidth. Any data that needs securing is encrypted by the computer, not by the modem/router.

If I could get proper password protection without the encryption, I wouldn't bother encrypting the traffic. I could care less who snoops it -- so long as they're not sucking up bandwidth.

Re:It's kind of silly to worry about

Uh, you're forgetting that a wifi connection is two way. If they can get onto your network, they're inside your hardware firewall. Better hope you have a good software firewall and/or that you don't have any exploitable services.

Re:It's kind of silly to worry about

[DarwinSurvivor]

That still won't protect you from arp poisoning, DNS redirects (or direct forging), SSL Stripping, the list goes on.

Re:It's kind of silly to worry about

[Burz]

That's why security is not a boolean. If you regard it as black-and-white, it'll drive you nuts.

Be thankful you can at least whittle the trust issues down to things like switch vendors.

Re:It's kind of silly to worry about

[DarwinSurvivor]

If you do a blanket arp attack (like sending ALL traffic through you or trying to knock out the arp table), but if you target 2 specific systems it can become more difficult to detect (though not impossible).

Re:why crack my Wi-Fi

[skids]

WPA2 keeps the neighbors from eating mah bandwich?

Try "it keeps people from injecting exploits into your computer by impersonating web servers." Be glad you enabled it.

Re:MAC filtering and PSK

[compro01]

MAC filtering does nothing useful. You're shouting your MAC from the rooftops any time you're connected to the network, so cloning it is exercise in triviality for any attacker with an IQ greater than their hat size.

Re:Expected

[ComputersKai]

Not when encryption methods that make use of quantum computing power come, like a permanently stalemated arms race.

Just when you thought you've sharpened your spear to the finest, your opponent has fortified his shield to the fullest.

Re:Expected

[dickens]

OTP FTW

Wireless Access Points = Hacker Access Points

[millertym]

If you are even the slightest bit concerned with the security of data on your network, isolate wireless completely from your secure data. In my very unscientific estimate it seems 90%+ of the usefulness of wireless is for just basic internet access for executive types anyhow who don't need to be checking production data.

Re:Expected

[AaronW]

Just use a one time pad. It's perfectly secure, even to quantum cryptography as long as the source is truly random. Creating a truly random number generator that takes advantage of quantum effects is not terribly difficult. Many modern CPUs now have this support built-in. The only weak point is how you get the one time pad to both locations and that it can only be used once. Even this is possible by having multiple pads sent via different methods and XORing them together at the destination. In order to crack it all copies would have to be intercepted and copied though additional security measures could be added to make even this difficult.

Re:MAC filtering and PSK

[Concerned+Onlooker]

Ooops. I'm going to have to get a smaller hat.

Re:why crack my Wi-Fi

[MikeBabcock]

No, that's SSL.

Re:why crack my Wi-Fi

[davidhoude]

Because SSL on Open WiFi is fool proof....

He was correct. While you are also correct, you failed to see the attack vector. If the network is not secure, your SSL may not be effective, at least not for all users.

Re:Expected

One-time pad truly means one-time pad however. That means a new pad for every single transmission - that's why it becomes untenable.

On the other hand, the way network encryption works is typically this:
(1) Use asymmetric encryption once to securely deliver the remote computer the key to a symmetric algorithm.
(2) Use the symmetric key for the remainder of the communication.

It's possible that RSA is compromised, or that a G.O. has the means to cracking it via an unpublished mathematical discovery, but there are other asyms out there.

Re:Expected

One type pads can work for some things. maybe companies will send you a credit card sized device containing gigibytes of random pad data that you can use to communicate with that company.

What has limited the attack number in WPA-PSK?

[dutchwhizzman]

What has limited the attack number in WPA-PSK? That's the question I have after reading all the data that is freely available. From what I know and can gather about this, the researchers found a way to reduce the amount of brute forcing required to guess the key in WPA-PSK. They used something in the de-auth and probably re-auth after that to gather information about the key to do so.

Paywalling this information is a bad thing. Either do a full disclosure, or keep it secret and notify all vendors that are vulnerable. What we have now is Fear, Uncertainty and Doubt. The result will be that the bad guys will find out how it's done and implement a practical attack that we don't know how to detect or defend against. Alternatively, a white-hat will find out or pay for the article and publish it. That will probably result in the white-hat getting sued for leaking the information in the article. Regardless what will happen, this is probably the worst way to tell the world of a security vulnerability in a product used world wide by over a billion people.

Universities should stop requiring publication in papers that aren't free to read, or free to publish in. The quality of the paper is of secondary importance to the magazine if people have to pay to get published. The reach to people for which the research is relevant is limited if the audience has to pay for reading the article. In my opinion, requiring at least three positive peer reviews from other universities or something similar, would be a much better way to make sure that research is up to standards and relevant than a short list of places that will publicise a paper. Reviewing papers from other universities should be part of the mandatory tasks students have to fulfil in order to be allowed to write their own paper.

Re:What has limited the attack number in WPA-PSK?

Nobody knows what they did, because their paper is paywalled. From afar, it looks like the a compilation of standard attack methods. The WLAN standard uses unencrypted deauthentication packets, which enables an attacker to kick anyone from the network without knowing the network's encryption key. This can be used in a denial-of-service fashion, where the attacker continously deauths everyone, so that nobody can use the network. Or it can be used once on the victim: The victim will automatically reconnect to the network, which gives the attacker an opportunity to capture the handshake which includes the key negotiation. The attacker can then use this recording to perform an offline brute force attack to find the key. If the attacker guesses the key, he's in.

Without using deauth, the attacker would just have to wait until the victim connects to the network on its own. That's not going to stop a determined attacker, i.e. one who attempts a brute force attack on WPA-PSK.

Long story short: If that's it (I don't see any hint that it's not), then a sufficiently random pre-shared-key prevents a successful attack.

Re:MAC filtering and PSK

[koinu]

MAC filtering even lowers security. Some lazy crackers might have not changed their MAC when they are attacking and it could be easier to identify them next time. When they are spoofing MACs they use your own MACs which they see on your network. You basically (could) lose information about the attackers. And this is bad.

Re:Expected

[SuricouRaven]

I can imagine a VPN server with a rack of slots for those (Probably just read-only USB mass storage interface). Give one to the VPN, one to the person going on their trip or working at home. You'd need to send out a new key every now and again, but if a key is good for a couple of months (Doable) then it becomes quite reasonable.

Encrypted Management Frames

It's called 802.11w and introduces encryption on management frames (so de-auth attack is out), this problem is solved. It's up to vendors/developers to implement it.

Re:why crack my Wi-Fi

[SuricouRaven]

SSL is designed to operate over insecure networks. That's the idea.

Re: Expected

"moot", you keep using that work like that. It doesn't mean what you think it does.

Re:NSA says fuck off

[Phreakiture]

Why are you asking me? You know damn well where my papers are.

Re:why crack my Wi-Fi

[Lloyd_Bryant]

WPA2 keeps the neighbors from eating mah bandwich?

Try "it keeps people from injecting exploits into your computer by impersonating web servers." Be glad you enabled it.

How about "it keeps you from being hauled off to jail by some really mean feds because someone used your wireless to download kiddie porn"? *That* most people can easily understand.

Werid

[jon3k]

This article is a really takes a really roundabout way to tell you computers are getting faster...

Relative Ease compared to What?

[craighansen]

TFAbstract says that WPA2 can be cracked with brute force search, and that long passwords are more secure than short ones. Looking up the home pages of these internationally renowned researchers http://www.brunel.ac.uk/bbs/pe... http://issel.ee.auth.gr/people... http://www.research.lancs.ac.u... reveals that these three claim no other security-focused publications. But perhaps I'm too quick to judge. Somebody pay the man and read their paper. Or is this the two-step get-rich-quick scheme?: - (1) Publish Paywalled Article Exposing Security Holes in Commonly-Used Security Protocol (2) Profit! (PPAESHiCUSP-P)

Re:Expected

[fizzer06]

Creating a truly random number generator that takes advantage of quantum effects is not terribly difficult. Many modern CPUs now have this support built-in.

Call me paranoid, but I don't think it would be safe to assume the 3 letter agencies haven't already co-opted the design of the modern CPU random number generators.

Re:Expected

[AaronW]

I think it's unlikely. When news of FreeBSD not trusing Intel's random number generator I decided to look at the RTL of one of the CPUs my employer makes which is optimized for security applications. The random number generator works exactly as the documentation says it does using the jitter of 125 of 128 ring oscillators feeding into a SHA1 engine with other unique inputs.

Re:Expected

[MikeBabcock]

And as stated, is no more invulnerable to remote attacks than password data (which has already been shown to be frequently all too easily accessible).

The OTP data must be accessible to the service you're connecting to which in turn is open to attacking from the outside. OTPs are not special when you use them with online services that aren't fully hardened.

In fact, I don't think it would be hard to argue that the traditional randomly-generated key system protected by public keys is in fact more secure because of its lack of replayability when properly implemented.

Re:Expected

[fizzer06]

Would you please identify the CPU?

Re:Expected

[AaronW]

Cavium OCTEON series of CPUs. http://www.cavium.com/OCTEON-I...

Re:why crack my Wi-Fi

[skids]

Try to have an effective browsing experience with port 80 blocked.

Re:MAC filtering and PSK

[skids]

MAC filtering should only be used as a herd immunity measure: people who don't update their AV are less likely to find it easier to spoof an existing MAC address than they find it to register in a captive portal and download their updates before they are allowed in.

Re:Expected

[fizzer06]

That's very impressive. What do those cost? I wonder how much to build a basic system around that chip.

Re:Expected

[AaronW]

They're not designed for systems but for embedded devices like firewalls, VPNs, routers, NAS, etc. They're expensive and have some very nice engines in them as well, such as the gzip engine that's 100 times as fast as software implementations, hardware pattern matching (regex) engines and content addressable memory support for firewalls and anti-virus, RAID engines for NAS to do RAID 5/6 calculations in hardware, encryption and hashing instructions, not to mention built-in support for 10 and 40Gbps Ethernet with a lot of packet acceleration. The chip of course will run Linux (Debian) and applications that run directly on top of the cores without an OS underneath for bare metal performance. The single threaded performance is a fair bit lower than an X86 based system which is why there are so many cores running in parallel. There's also a lot of special support for synchronization between the cores and various atomic instructions that have been added.

While it is fully compatible with standard 64-bit MIPS there are a lot of additional instructions since MIPS allows you to do that (ARM does not allow manufacturers to add custom instructions).