WiFi security (was wifi access from laptop to starbucks wifi)

JD jd1008 at gmail.com
Wed Jun 23 02:14:41 UTC 2010



On 06/22/2010 07:27 PM, Darr was caught red-handed while writing:
> On Tuesday, 22 June, 2010 @22:00 zulu, JD scribed:
>
>    
>> WPA2-PSK + AES : I thought it is not possible for inter-customer
>> traffic to figure out the keys because once the connection is
>> established,
>> keys change dynamically per the protocol. Perhaps an expert on the
>> WPA2-PSK protocol can shed some light on this.
>>      
> The unsecure part is, if left to their own devices people tend
> to choose weak passwords. It really is that simple.
>
> If you choose a password that is a dictionary word or the name
> of one of your kids/friends/pets, or a phone number, or a simple
> sequence on the keyboard like 123456, 1234qwer, qwertyuiop,
> et cetera, then AES can be 'cracked' using the dictionary method.
>
> If you choose a passphrase like 1a!B2@Cd3#4$efGH(56) it's
> virtually uncrackable, especially since there's a 1-minute xmit
> timeout enforced when there have been 2 wrong PW tries in
> 30 seconds. Even if they could make 3 guesses per second it
> should take a couple hundred centuries to crack that passphrase.
>
>    
Even so, that does not mean you can decrypt another user's traffic,
because you will not be able to find out the keys that were exchanged just
before the client transmitted a packet, regardless of how
weak the passphrase is when using AES.
All clients will be using same passphrase anyhow (assuming we
are still talking about using a public wifi hotspot, or
even a workplace shared wifi router/gateway, which is set
to accept only WPA2-PSK and AES encryption) - no two
clients will be in lock-step conversation with the gateway
such that they exchange same keys with the gateway.
So, inter-client traffic (which means that someone has
some software on his/her machine, and has set his/her
interface in promiscuous mode and is trapping packets from
some particular IP address). Good luck trying to decrypt them.
The Japanese team of scientists could not do it.


