Researchers Find Same RSA Encryption Key Used 28,000 Times
itwbennett writes In the course of trying to find out how many servers and devices are still vulnerable to the Web security flaw known as FREAK, researchers at Royal Holloway of the University of London found something else of interest: Many hosts (either servers or other Internet-connected devices) share the same 512-bit public key. In one egregious example, 28,394 routers running a SSL VPN module all use the same 512-bit public RSA key.
Similar mistake have been made before.
Have gnu, will travel.
I suspect his problem with it is that he confuses it with WEP.
"National Security is the chief cause of national insecurity." - Celine's First Law
Weak, bad or fake encryption is infinitely much worse than none, because it makes people believe they are safe while they are not.
You are talking about breaking passwords, not the encryption scheme, which comes later.
Password -> PMK -> 4 way handshake (session key establishment) -> Authenticated encryption (link cipher).
A 12 character, alphanumeric + special character password, uniformly generated is about 70 bits of entropy. The pbkdf2 invocation to generate the PMK has 4096 iterations, causing the brute force attack to need to perform on average ~ 2^81 hashes before finding a password. This would not happen over lunch.
Did your friend's tool actually break WEP instead of WPA-2? Or did you have a weak password? Or were you using a weak EAP method? Or what other form of BS are you talking?
I should use this sig to advertise my book ISBN-13 : 978-1501515132.