New Idea Protects Users From Man-in-the-Middle Attacks

[Guest]

MIT scientists have come up with a relatively simple idea how those nasty man-in-the-middle-attacks can be thwarted.

New Idea Protects Users From Man-in-the-Middle Attacks : Read more

 

[amk-aka-Phantom]

That isn't new. That is used in OpenVPN and other VPNs for a looong time. Or at least it seems like this new stuff is the same.

 

[shanky887614]

this isnt going to work,

and even if it does it wont be long before someone finds a way around it

they said the same thing about wpa, but you can do a four-way handshake to connect

 

[stingstang]

....yaaaay!

 

[therabiddeer]

[citation][nom]shanky887614[/nom]this isnt going to work,and even if it does it wont be long before someone finds a way around itthey said the same thing about wpa, but you can do a four-way handshake to connect[/citation]
Just like everything else relating to technology, it likely will work.. for a time. Sure, it will eventually be broken but that will take time, and then there will be something new for the hackers to crack. Nothing is completely perfect, all you can do is keep innovating.

 

[hoofhearted]

What is to stop the "man in the middle" from transmitting a string of numbers related to the his key by the same known mathematical operation?

 

[masterbinky]

This is just saying, and we use ANOTHER key so the probability goes down that the attacker has BOTH keys. This isn't new... and bad student! don't mix FSK and am.

("known mathematical operation" which if the attacker knew... it wouldn't matter, so it is a key)

 

[ProDigit10]

And just how is this going to work on a public encrypted network with tens of devices connected to the router?

 

[ProDigit10]

there's always a way to circumvent securities, always a way to fool hardware and/or people! The process just makes it harder, but it's still there!

 

[shanky887614]

the ironic thing is people are just going to work out the algorithem, just like they have with routers so they can generate the passkey to get on network when people keep the factory defauly ssid

\sarcasm

ow now, people are going to say, i cant get online becasue i cant click generate on a keygen, my life is over!!!

\ end sarcasm

 

[koga73]

"In a usual wireless connection, two devices exchange cryptographic keys which are used to encrypt the data in their transmission. To successfully intercept such a transmission, an attacker needs to inject his own key at the very moment the key exchange"

We are talking about cracking wifi right?
Why would the hacker need to inject anything? All the hacker has to do is capture the handshake then they can go offline and crack the hash. Once it's cracked they have the pass to the network and any further key exchanges won't matter cause the hacker will be connecting "as normal."

If were talking about SSL then again why does anything need to be injected? From what I've seen the most common way to bypass SSL is to just strip it out entirely.

Nothing is secure.

 

[K-zon]

Don't radio waves after awhile or for awhile lose alot of say data retention though??

Guess you could say all is radio signals to say of course but of it though always had seemed to be a conflict in ideas of data.

Let alone idas of say security within a feature. There is say HD video over radio waves if i remember right of course but don't think is based off the idea though. Given its mainly digital to say, but of it though older video signals were of good quailty and stream to say. But again rather of say data-security placed is anyones guess.

But given though of course alot of what we use is probably all radio or the most anyways. So of the idea can't say its not a bad one.

Given there are many ideas of use of say radio waves and have been for along time. But alot of uses say this days are fairly far gone and no longer used and say sold for what they are.

But for say data security or just a security usage of anything though is anyones guess.

 

[tomaz99]

[citation][nom]shanky887614[/nom]this isnt going to work,and even if it does it wont be long before someone finds a way around itthey said the same thing about wpa, but you can do a four-way handshake to connect[/citation]

Why?

 

[pythy]

[citation][nom]koga73[/nom]"In a usual wireless connection, two devices exchange cryptographic keys which are used to encrypt the data in their transmission. To successfully intercept such a transmission, an attacker needs to inject his own key at the very moment the key exchange"We are talking about cracking wifi right?Why would the hacker need to inject anything? All the hacker has to do is capture the handshake then they can go offline and crack the hash. Once it's cracked they have the pass to the network and any further key exchanges won't matter cause the hacker will be connecting "as normal."If were talking about SSL then again why does anything need to be injected? From what I've seen the most common way to bypass SSL is to just strip it out entirely.Nothing is secure.[/citation]
They're talking about man-in-the-middle attacks, not hacking into a network. It's like you're logging into your bank account and I (man-in-the-middle) sneak in (inject) and pretend to be the bank so when you log in, you're actually giving me all the details.

 

[swamprat]

The idea sounds interesting, as far as I understand it, but if you make it sensitive enough to cut out the man in the middle then would it not also make it sensitive for the usual screwing up of wireless networks through their wireless-ness?

 

[f-14]

after transmitting its encryption key, the legitimate sender transmits a second string of numbers related to the key by a known mathematical operation

that doesn't fix anything, if anything a second key based on the first will make it easier to break into the wireless no matter the encryption.
word to hackers your job just became easier if this gets implemented, you now have 2 keys based on the same formula to crack with.
so when did MIT start employing anonymous and lulzsec to invent 'new' security so easy, script kiddies could hack it?