I never looked into how WPS was supposed to work. I pushed the button once and the Internet broke. I went into the router and reset the WPA key and went about my business. I advised all customers that the WPS button breaks everything and please never touch it.
What were you supposed to do with WPS? On Sat, Mar 22, 2025 at 3:24 PM Ken Hohhof <khoh...@kwom.com> wrote: > OK, 74 years on this planet and 1 brain aneurysm have taken their toll and > I can’t do math in my head like I used to. (Ask me how I know “person, > man, woman, camera, TV” isn’t an IQ test). > > > > But I still find this a fun math problem, and the math is actually pretty > basic. I wonder how many kids today know there are 10^8 possible 8 digit > numbers, and that 10^8 is 100 million. And how many would say math can be > fun. I grew up during the Cold War and the Space Race … math and science > were actually cool. > > > > Anyway, to get WiFi Alliance certification and put the WIFI Certified logo > on your router, it has to support WPS (WiFi Protected Setup), including > both the button press method and the PIN method. The PIN method is a > security problem. In theory, a brute force attack would have to guess an 8 > digit number, so 10^8 = 100 million tries (worst case). That’s gonna take > a long time. > > > > Unfortunately, there is a flaw in the algorithm, as stated in this 14 year > old CERT advisory. An attacker can tell when they have guessed the first 4 > digits correctly, so 10^4 = 10,000 tries. Then all that remains is to > guess the last 4, but the 8th digit it a parity check, so you only have to > guess 3 more digits. 10^3=1,000 more tries, for a total of 11,000. > > > > https://www.kb.cert.org/vuls/id/723755 > > > -- > AF mailing list > AF@af.afmug.com > http://af.afmug.com/mailman/listinfo/af_af.afmug.com >
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
