[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Backward compatibility bites again (like RC4 in WPA2)

On Tue, Dec 9, 2014 at 8:14 PM, coderman <[email protected]> wrote:
> RC4 in WPA2, and no signs anyone cares...

The wifi alliance is a bunch of closed companies competing
in closed hardware, microcode, firmware and licenses with
probably no dependency on opensource other than stealing it.
ie: broadcom. And both ends of the connection are terminated
by their hardware, you're not in the loop. (Unless you're your
own AP/sniffer, in which case they don't care.)

Now with your largely opensource browser, TLS libs and apache,
even if your far end is terminating on some closed cisco hardware
at closed google, they're at least half driven by you, compatibility wise.

Though users might care, at least the 'both ends owned' vendors
will be extremely resistant to change.

Would you have better luck convincing coffee shop owners
to run openwrt so you can terminate an AES local VPN on
their hotspot and then out to the net, overlaying what's
used on the airwaves be it rc4 or cleartext?
Let me know what shop to patronize :)

(The b43 wireless project used to write some open
firmware for broadcom nics. And other brands do have
some open firmware. Thought WPA2 was in the silicon
though, I might be wrong.)