[MLB-WIRELESS] /dev/random WEP Keygen webpage

Jason Brice Jason.Brice at kiandra.com
Thu May 8 16:37:55 EST 2003


Good points. Now once again without the attitude? You know, like youre
discussing the matter with an intelligent group of your peers in a
public forum? Go on, just pretend. 

J.



-----Original Message-----
From: Grant Diffey [mailto:nevyn-wlan at artificial-stupidity.net] 
Sent: Thursday, 8 May 2003 4:05 PM
To: Jason Hecker
Cc: melbwireless at wireless.org.au
Subject: Re: [MLB-WIRELESS] /dev/random WEP Keygen webpage


On Thu, May 08, 2003 at 03:20:31PM +1000, Jason Hecker wrote:
> I slapped together a page that generates 64, 128 and 256 bit WEP keys 
> from
> the server's /dev/random stream, so it doesn't use any pseudorandom
keygen 
> like most other stuff (webpages and the like) seem to.
Using a webpage to generate your wep key is just such a 
mind boglingly stupid idea it's difficult to know where
start.

at the most basic level.. you're generating a secret
over an untrusted network using an untrusted protocol
with who knows how many caches and such.

not to mention that you're trusting the remote end
not to store the key anywhere.


to put it in perspective if someone offerd a service
to generate you a random pin to go with your banking
service would you use it?



> 
> Lemme know what youse think and if it's buggy at all.
The concept is broken by design

Even tho wwep is broken by design there's no need to 
break it further with bad security practices


-- 
Grant Diffey aka "nevyn"

President of Computerbank Australia Inc. http://www.computerbank.org.au/

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



More information about the Melbwireless mailing list