Hacker News new | past | comments | ask | show | jobs | submit login

I said "IF" there's no salting. In any case, I'd be less concerned about SSID's not being unique as I am about the fact that the SSID of a specific target is trivial to obtain and almost never changed.



> I'd be less concerned about SSID's not being unique as I am about the fact that the SSID of a specific target is trivial to obtain and almost never changed.

Salts don't need to be secret, only unique. In fact, in this case the unauthenticated client needs to be able to compute the PMK from the password alone, so you can't keep it on the AP.




Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: