Hi, > I'd like to hear an actual developer position on that statement. I > read it as a criticism of the way WPA is used more than of the > protocol itself. As in, it's of little value to encrypt the traffic > if you allow anybody to access it. If Theo was saying that it sucks > even when you're using some sufficient form of authentication (other > than that it's maybe too complicated), I'd love to have it explained. > not in the mood to search for it, but I've seen people demonstrating that WPA is as useless as WEP, just different approach and different software. WPA2 is a bit better but there are still a few underlying "design flaws" which make the whole stuff on it's own rather insecure. can't recall though that anybody had WPA2 exploited at the time but that's more then a year in the past so I wouldn't trust it.
however, google should find the stuff somewhere, it was demonstrated on a few events, docs should be on the net, no need to bother theo with this. -sm