Personally, I agree with your advice to customers.
Supposedly it’s a way to connect devices to WiFi without entering (or knowing) the WiFi password. Some annoying devices like cheap printers almost force you to use WPS. From: AF <af-boun...@af.afmug.com> On Behalf Of Adam Moffett Sent: Saturday, March 22, 2025 4:37 PM To: AnimalFarm Microwave Users Group <af@af.afmug.com> Subject: Re: [AFMUG] math is fun? I never looked into how WPS was supposed to work. I pushed the button once and the Internet broke. I went into the router and reset the WPA key and went about my business. I advised all customers that the WPS button breaks everything and please never touch it. What were you supposed to do with WPS? On Sat, Mar 22, 2025 at 3:24 PM Ken Hohhof <khoh...@kwom.com <mailto:khoh...@kwom.com> > wrote: OK, 74 years on this planet and 1 brain aneurysm have taken their toll and I can’t do math in my head like I used to. (Ask me how I know “person, man, woman, camera, TV” isn’t an IQ test). But I still find this a fun math problem, and the math is actually pretty basic. I wonder how many kids today know there are 10^8 possible 8 digit numbers, and that 10^8 is 100 million. And how many would say math can be fun. I grew up during the Cold War and the Space Race … math and science were actually cool. Anyway, to get WiFi Alliance certification and put the WIFI Certified logo on your router, it has to support WPS (WiFi Protected Setup), including both the button press method and the PIN method. The PIN method is a security problem. In theory, a brute force attack would have to guess an 8 digit number, so 10^8 = 100 million tries (worst case). That’s gonna take a long time. Unfortunately, there is a flaw in the algorithm, as stated in this 14 year old CERT advisory. An attacker can tell when they have guessed the first 4 digits correctly, so 10^4 = 10,000 tries. Then all that remains is to guess the last 4, but the 8th digit it a parity check, so you only have to guess 3 more digits. 10^3=1,000 more tries, for a total of 11,000. https://www.kb.cert.org/vuls/id/723755 -- AF mailing list AF@af.afmug.com <mailto:AF@af.afmug.com> http://af.afmug.com/mailman/listinfo/af_af.afmug.com
-- AF mailing list AF@af.afmug.com http://af.afmug.com/mailman/listinfo/af_af.afmug.com
