[cryptography] ssl/tls splicing attack

James A. Donald jamesd at echeque.com
Thu Mar 18 00:41:17 EDT 2010

James A. Donald wrote:
 > > If any of us were consulted on wifi, would we have allowed an
 > > offline dictionary attack?  Wifi have had three tries, or four,
 > > depending on how you count, and still have not got wifi right,
 > > though most of us could have done it right easily.

Kevin W. Wall wrote:
 > Hey, come on now. Let's not be too hard on them. IEEE did the best
 > they could, having to be backward compatible with all the previous
 > vulnerabilities from earlier versions. ;-)

WPA2-PSK was not restricted by backward compatibility.  They just
screwed up though ignorance, and the inability to tell real experts
from bullshit artists - and the inability of bullshit artists to know
that they were not real experts.

More information about the cryptography mailing list