 |  |  |  |  |
 |  | |  | |
 | |  | |  |
 |  |  |  | |
| |  |  |  |  |
 | |  | |  |
 |  | |  |  |
 |  |  |  |  |
| |  |  |  |  |
 |  |  |  |  |
 | |  |  |  |
| |  |  |  |  |
Thursday, July 2, 2009
How is WEP hacking not a national security issue?
Lifehacker today (and 1000's of others) posted how to break into my house???
While I appreciate them giving me job security in the IT front .... I do not know why posting these kinds of threats are not a national security issue?
Yes we should report it and discuss, but giving 'how to' editorials is a threat.
From Lifehacker How to Crack a Wi-Fi Network's WEP Password
You already know that if you want to lock down your Wi-Fi network, you should opt for WPA encryption because WEP is easy to crack. But did you know how easy? Take a look.
Today we're going to run down, step-by-step, how to crack a Wi-Fi network with WEP security turned on. But first, a word: Knowledge is power, but power doesn't mean you should be a jerk, or do anything illegal. Knowing how to pick a lock doesn't make you a thief. Consider this post educational, or a proof-of-concept intellectual exercise.
Dozens of tutorials on how to crack WEP are already all over the internet using this method. Seriously—Google it. This ain't what you'd call "news." But what is surprising is that someone like me, with minimal networking experience, can get this done with free software and a cheap Wi-Fi adapter. Here's how it goes.
Attacks always get better, they never get worse.
New cryptanalytic attack on AES that is better than brute force:
Abstract. In this paper we present two related-key attacks on the full AES. For AES-256 we show the first key recovery attack that works for all the keys and has complexity 2119, while the recent attack by Biryukov-Khovratovich-Nikolic works for a weak key class and has higher complexity. The second attack is the first cryptanalysis of the full AES-192. Both our attacks are boomerang attacks, which are based on the recent idea of finding local collisions in block ciphersboomerang switching techniques to gain free rounds in the middle. and enhanced with the
In an e-mail, the authors wrote: We also expect that a careful analysis may reduce the complexities. As a preliminary result, we think that the complexity of the attack on AES-256 can be lowered from 2119 to about 2110.5 data and time.
We believe that these results may shed a new light on the design of the key-schedules of block ciphers, but they pose no immediate threat for the real world applications that use AES.
Agreed. While this attack is better than brute force -- and some cryptographers will describe the algorithm as "broken" because of it -- it is still far, far beyond our capabilities of computation. The attack is, and probably forever will be, theoretical. But remember: attacks always get better, they never get worse. Others will continue to improve on these numbers. While there's no reason to panic, no reason to stop using AES, no reason to insist that NIST choose another encryption standard, this will certainly be a problem for some of the AES-based SHA-3 candidate hash functions.
Read more from Bruce:
Subscribe to:
Posts (Atom)