Hams Report 85-mile 802.11b File Transfers @ Oregon
Roy S. Rapoport
rsr at inorganic.org
Wed Apr 14 17:45:15 PDT 2004
On Wed, Apr 14, 2004 at 04:13:54PM -0700, Mark C. Langston wrote:
> Were the solution simply "don't use weak (low-entropy) passwords", we
> could put up web pages containing the contents of everyone's
> /etc/shadow, confident that all the passwords contained therein were
> strong.
>
> In much the same way that were the solution simply, "teach users not to
> open email from strangers", we wouldn't have a virus problem.
>
> I'm afraid that, while the solution is trivial, the practical
> application of the WPA weakness is still very valid, because the weak
> link is biological.
Right. What I'm saying, however, is that -- unless I misunderstand the
basic concept behind WPA (disclosure: I haven't deployed it yet) -- nothing
requires you to let the user select the password, right? So why not do "Hi,
here's your new laptop with wireless card. And here's your WPA password:
B2A40F73F92810." (BTW, this was auto-generated from an 11-line script I just
wrote)
Doesn't this solve the problem?
> > Pshaw. That's really naive and trusting.
> >
> > For the truly paranoid, turn off your systems and go live under a rock.
> > When someone comes near, throw that rock at them. Then, find another rock.
> > Repeat as necessary.
> >
>
> Piffle. You're an optimist.
>
> If you want to be really paranoid, turn off your systems, encase them in
> Lucite, set the Lucite blocks in cement, drop the cement blocks down the
> Marianas Trench, and use mass drivers and shaped charges to deflect the
> planet's orbit into the heart of a convenient star.
>
> With luck, some of your data may escape prying eyes.
"On a long enough timeline, the surival rate for everything drops to zero."
-roy
More information about the Baylisa
mailing list