[Cryptography] Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
Patrick Chkoreff
patrick at rayservers.net
Tue Oct 31 10:22:10 EDT 2017
grarpamp wrote on 10/29/2017 01:46 AM:
> On Sat, Oct 28, 2017 at 4:06 PM, Patrick Chkoreff
> <patrick at rayservers.net> wrote:
>> I forgot to mention that I am using a VPN, so THEY'd only be snooping on
>> my quasi-random byte streams.
>
> Since most people don't bother to pin down the far end VPN certs,
> let alone confirm them out of band, and most networking does
> not use DNSSEC, nor IP or MAC level authentication... yes,
> they could MITM that too. ...
This particular OpenVPN server uses its own certificate authority to
lessen the potential for a MITM attack. Furthermore, it deploys an
"HMAC firewall" so that the negotiation of the key exchange cannot even
begin without the proper use of a shared static secret key.
That probably helps.
-- Patrick
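
Added example, not part of the original message and not OpenVPN's own code: a simplified Python model of the "HMAC firewall" idea described above, where a packet must carry a valid HMAC under the shared static key before the server does any key-exchange work. The packet layout (32-byte tag, 4-byte packet id, payload), the names `seal` and `HmacGate`, the replay rule and the sample key are assumptions for illustration, not OpenVPN's wire format.

```python
import hashlib
import hmac
import struct

STATIC_KEY = bytes(range(32))  # constructed sample key; a real one comes from a key file


def seal(key: bytes, packet_id: int, payload: bytes) -> bytes:
    """Client side: prefix the packet with HMAC-SHA256(key, packet_id || payload)."""
    body = struct.pack("!I", packet_id) + payload
    return hmac.new(key, body, hashlib.sha256).digest() + body


class HmacGate:
    """Server side: decides whether a packet may reach the key-exchange code."""

    def __init__(self, key: bytes):
        self.key = key
        self.highest_id = 0  # simple monotonic replay guard (assumption of this model)

    def admit(self, packet: bytes):
        """Return the payload if the packet is authentic and fresh, else None."""
        if len(packet) < 36:  # 32-byte tag + 4-byte packet id
            return None
        tag, body = packet[:32], packet[32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):  # constant-time comparison
            return None  # dropped silently: no reply, no handshake state created
        (packet_id,) = struct.unpack("!I", body[:4])
        if packet_id <= self.highest_id:
            return None  # replay of an earlier, validly tagged packet
        self.highest_id = packet_id
        return body[4:]


def demo():
    gate = HmacGate(STATIC_KEY)
    good = seal(STATIC_KEY, 1, b"client hello")
    forged = seal(b"\x00" * 32, 2, b"client hello")  # sender lacks the static key
    tampered = good[:-1] + bytes([good[-1] ^ 1])     # one bit flipped in transit
    return [gate.admit(p) for p in (good, forged, tampered, good)]


if __name__ == "__main__":
    print(demo())
```

The gate only shows that the sender holds the shared static key; verifying the server certificate against the private CA is still what identifies the far end.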