Hi,

> I'd like to hear an actual developer position on that statement.  I
> read it as a criticism of the way WPA is used more than of the
> protocol itself.  As in, it's of little value to encrypt the traffic
> if you allow anybody to access it.  If Theo was saying that it sucks
> even when you're using some sufficient form of authentication (other
> than that it's maybe too complicated), I'd love to have it explained.
>
not in the mood to search for it, but I've seen people demonstrating
that WPA is as useless as WEP, just different approach and different
software. WPA2 is a bit better but there are still a few underlying
"design flaws" which make the whole stuff on it's own rather insecure.
can't recall though that anybody had WPA2 exploited at the time but
that's more then a year in the past so I wouldn't trust it.

however, google should find the stuff somewhere, it was demonstrated
on a few events, docs should be on the net, no need to bother theo
with this.

-sm

Reply via email to