[Cryptography] Current state of WPA2 security for IoT access ?
John Ioannidis
ji at tla.org
Tue Apr 26 02:47:23 EDT 2016
On Mon, Apr 25, 2016 at 11:48 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> --
>
> https://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
>
> A sysadmin told me within the last week that WPA2 was easily broken
> via Aircrack.
>
>
Why don't you ask him to give you a demo?
> I wasn't aware of this; is this really true?
>
> The overall question I'm interested in has to do with IoT wifi access.
>
>
> If I try to hide a WPA2 access password in an IoT device, someone can
> easily steal the (outdoor) IoT device & "waterboard" it until it gives
> up the WPA2 password.
>
> Same way you protect any secret in any public device. You use sufficiently
tamper-resistant hardware and you do not design your system so that the
compromise of one device compromises the entire system. OTOH, make it
expensive enough, and people will think you have something important to
hide :)
> So what is the current recommendation w.r.t. IoT devices accessing
> WPA2 wireless routers?
>
>
You can't spell "idiot" without "iot".
/ji
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160426/82c1b38e/attachment.html>
More information about the cryptography
mailing list