WiFi security (was wifi access from laptop to starbucks wifi)

Darr darr at core.com
Wed Jun 23 02:27:44 UTC 2010

On Tuesday, 22 June, 2010 @22:00 zulu, JD scribed:

> WPA2-PSK + AES : I thought it is not possible for inter-customer
> traffic to figure out the keys because once the connection is
> established, 
> keys change dynamically per the protocol. Perhaps a an expert on the
> WPA2-PSK protocl can shed some light on this.

The unsecure part is, if left to their own devices people tend
to choose weak passwords. It really is that simple.

If you choose a password that is a dictionary word or the name
of one of your kids/friends/pets, or a phone number, or a simple
sequence on the keyboard like 123456, 1234qwer, qwertyuiop,
et cetera, then AES can be 'cracked' using the dictionary method.

If you choose a passphrase like 1a!B2 at Cd3#4$efGH(56) it's
virtually uncrackable, Especially since there's a 1-minute xmit
timeout enforced when there have been 2 wrong PW tries in
30 seconds. Even if they could make 3 guesses per second it
should take a couple hundred centuries to crack that passphrase.

More information about the users mailing list