undefined | Better HN

0 pointsmaze-le9y ago0 comments

This may be the cure in this case, but unique/automated passwords can go horribly wrong too. I once was the owner of a Vodafone EasyBox, a cheap and crappy router with pre-configured wlan wpa-keys. They looked randomly enough, but were a crude mixture of your mac-adress and router serial number[0]. It turns out, the bits of the mac adress (wich were always on the same digit) reduced the length of the unknown parts of the key to 16. The rest 65535-something key-bits could easily be brute forced.

I just had the good fortune to configure my wifi- network myself, so I had to put in my own keys. Many other people didn't, and who could blame them, they were probably happy the thing worked in the first place...

[0]: https://www.wardriving-forum.de/wiki/Standardpassw%C3%B6rter...

0 comments

1 comments · 1 top-level

raesene69y ago

Sure there are bad implementations, but the principle that you can fix this kind of problem is there, just need to give the manufacturers enough incentive to spend the effort to a) implement this process and b) get a compentent security review to ensure it's not easily broken.

j / k navigate · click thread line to collapse