Re: Backward compatibility bites again (like RC4 in WPA2) - cypherpunks - lists.cpunks.org

newer
Curiouser and Curioser...

Re: Backward compatibility bites again (like RC4 in WPA2)

older
REAL-ID Phone Access Coming Soon

coderman

10 Dec 2014 10 Dec '14

1:14 a.m.

On 12/9/14, grarpamp wrote:

https://www.imperialviolet.org/2014/12/08/poodleagain.html

Similar how continued insistence on centralized SMTP continues to bite.

at least they're trying. RC4 in WPA2, and no signs anyone cares...

Reply

Sign in to reply online Use email software

Show replies by date

grarpamp

10 Dec 10 Dec

4:57 a.m.

New subject: Backward compatibility bites again (like RC4 in WPA2)

On Tue, Dec 9, 2014 at 8:14 PM, coderman wrote:

RC4 in WPA2, and no signs anyone cares...

The wifi alliance is a bunch of closed companies competing in closed hardware, microcode, firmware and licenses with probably no dependency on opensource other than stealing it. ie: broadcom. And both ends of the connection are terminated by their hardware, you're not in the loop. (Unless you're your own AP/sniffer, in which case they don't care.) Now with your largely opensource browser, TLS libs and apache, even if your far end is terminating on some closed cisco hardware at closed google, they're at least half driven by you, compatibility wise. Though users might care, at least the 'both ends owned' vendors will be extremely resistant to change. Would you have better luck convincing coffee shop owners to run openwrt so you can terminate an AES local VPN on their hotspot and then out to the net, overlaying what's used on the airwaves be it rc4 or cleartext? Let me know what shop to patronize :) (The b43 wireless project used to write some open firmware for broadcom nics. And other brands do have some open firmware. Thought WPA2 was in the silicon though, I might be wrong.)

Reply

Sign in to reply online Use email software

coderman

4 Feb 4 Feb

1:06 p.m.

New subject: Backward compatibility bites again (like RC4 in WPA2)

On 12/9/14, coderman wrote:

... RC4 in WPA2, and no signs anyone cares

it is feb 2015, and still RC4 in WPA2, also remote, also blind, also post-exchange kletographicexfil without disclosures, without firmware updates, without papers, without trendy security con stage hack theatrics, it is industry force, creates its own moral justification without reservation. 2015, RC4 still in WPA2, WPA2 still in everything, ... [0]. best regards, 0. "I've seen people act like you can't disable RC4 until you agree whether it's very very weak or completely broken." - https://twitter.com/nickm_tor/status/542192592424017920

Reply

Sign in to reply online Use email software

coderman

3 Mar 3 Mar

9:48 p.m.

New subject: Backward compatibility bites again (like RC4 in WPA2)

On 2/4/15, coderman wrote:

... 2015, RC4 still in WPA2, WPA2 still in everything, ... [0].

not RC4 specifically, but EXP-RC4-MD5 is the avenue: "The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they’re still hurting us today." - http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-fact... RC4, still hurting us today, too!

Reply

Sign in to reply online Use email software

rysiek

4 Mar 4 Mar

8:45 p.m.

New subject: Backward compatibility bites again (like RC4 in WPA2)

Dnia wtorek, 3 marca 2015 13:48:28 coderman pisze:

On 2/4/15, coderman wrote:

...
... 2015, RC4 still in WPA2, WPA2 still in everything, ... [0].

not RC4 specifically, but EXP-RC4-MD5 is the avenue:

"The export-grade RSA ciphers are the remains of a 1980s-vintage effort to weaken cryptography so that intelligence agencies would be able to monitor. This was done badly. So badly, that while the policies were ultimately scrapped, they’re still hurting us today." - http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-fac toring-nsa.html

RC4, still hurting us today, too!

NSA -- making the world a less safe place, one cipher at a time! -- Pozdrawiam, Michał "rysiek" Woźniak Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

Reply

Sign in to reply online Use email software

3487

Age (days ago)

3571

Last active (days ago)

Download

4 comments

3 participants

tags

participants (3)

coderman
grarpamp
rysiek