New Idea Protects Users From Man-in-the-Middle Attacks

Status
Not open for further replies.

shanky887614

Distinguished
Feb 5, 2010
232
0
18,840
this isnt going to work,

and even if it does it wont be long before someone finds a way around it

they said the same thing about wpa, but you can do a four-way handshake to connect
 

therabiddeer

Distinguished
Apr 19, 2008
137
0
18,630
[citation][nom]shanky887614[/nom]this isnt going to work,and even if it does it wont be long before someone finds a way around itthey said the same thing about wpa, but you can do a four-way handshake to connect[/citation]
Just like everything else relating to technology, it likely will work.. for a time. Sure, it will eventually be broken but that will take time, and then there will be something new for the hackers to crack. Nothing is completely perfect, all you can do is keep innovating.
 

masterbinky

Distinguished
Oct 21, 2010
23
0
18,560
This is just saying, and we use ANOTHER key so the probability goes down that the attacker has BOTH keys. This isn't new... and bad student! don't mix FSK and am.

("known mathematical operation" which if the attacker knew... it wouldn't matter, so it is a key)
 

ProDigit10

Distinguished
Nov 19, 2010
202
1
18,830
there's always a way to circumvent securities, always a way to fool hardware and/or people! The process just makes it harder, but it's still there!
 

shanky887614

Distinguished
Feb 5, 2010
232
0
18,840
the ironic thing is people are just going to work out the algorithem, just like they have with routers so they can generate the passkey to get on network when people keep the factory defauly ssid

\sarcasm

ow now, people are going to say, i cant get online becasue i cant click generate on a keygen, my life is over!!!

\ end sarcasm

 

koga73

Distinguished
Jan 23, 2008
183
0
18,630
"In a usual wireless connection, two devices exchange cryptographic keys which are used to encrypt the data in their transmission. To successfully intercept such a transmission, an attacker needs to inject his own key at the very moment the key exchange"

We are talking about cracking wifi right?
Why would the hacker need to inject anything? All the hacker has to do is capture the handshake then they can go offline and crack the hash. Once it's cracked they have the pass to the network and any further key exchanges won't matter cause the hacker will be connecting "as normal."

If were talking about SSL then again why does anything need to be injected? From what I've seen the most common way to bypass SSL is to just strip it out entirely.

Nothing is secure.
 

K-zon

Distinguished
Apr 17, 2010
179
0
18,630
Don't radio waves after awhile or for awhile lose alot of say data retention though??

Guess you could say all is radio signals to say of course but of it though always had seemed to be a conflict in ideas of data.

Let alone idas of say security within a feature. There is say HD video over radio waves if i remember right of course but don't think is based off the idea though. Given its mainly digital to say, but of it though older video signals were of good quailty and stream to say. But again rather of say data-security placed is anyones guess.

But given though of course alot of what we use is probably all radio or the most anyways. So of the idea can't say its not a bad one.

Given there are many ideas of use of say radio waves and have been for along time. But alot of uses say this days are fairly far gone and no longer used and say sold for what they are.

But for say data security or just a security usage of anything though is anyones guess.

 

tomaz99

Distinguished
Jan 28, 2010
55
0
18,580
[citation][nom]shanky887614[/nom]this isnt going to work,and even if it does it wont be long before someone finds a way around itthey said the same thing about wpa, but you can do a four-way handshake to connect[/citation]

Why?
 

pythy

Distinguished
Apr 24, 2009
116
0
18,630
[citation][nom]koga73[/nom]"In a usual wireless connection, two devices exchange cryptographic keys which are used to encrypt the data in their transmission. To successfully intercept such a transmission, an attacker needs to inject his own key at the very moment the key exchange"We are talking about cracking wifi right?Why would the hacker need to inject anything? All the hacker has to do is capture the handshake then they can go offline and crack the hash. Once it's cracked they have the pass to the network and any further key exchanges won't matter cause the hacker will be connecting "as normal."If were talking about SSL then again why does anything need to be injected? From what I've seen the most common way to bypass SSL is to just strip it out entirely.Nothing is secure.[/citation]
They're talking about man-in-the-middle attacks, not hacking into a network. It's like you're logging into your bank account and I (man-in-the-middle) sneak in (inject) and pretend to be the bank so when you log in, you're actually giving me all the details.
 

swamprat

Distinguished
Apr 20, 2009
108
0
18,630
The idea sounds interesting, as far as I understand it, but if you make it sensitive enough to cut out the man in the middle then would it not also make it sensitive for the usual screwing up of wireless networks through their wireless-ness?
 

f-14

Distinguished
Apr 2, 2010
774
0
18,940
after transmitting its encryption key, the legitimate sender transmits a second string of numbers related to the key by a known mathematical operation

that doesn't fix anything, if anything a second key based on the first will make it easier to break into the wireless no matter the encryption.
word to hackers your job just became easier if this gets implemented, you now have 2 keys based on the same formula to crack with.
so when did MIT start employing anonymous and lulzsec to invent 'new' security so easy, script kiddies could hack it?
 
Status
Not open for further replies.