|
|
|
|
|
|
by madmod
3170 days ago
|
|
|
Update: It looks like the General answer is no, these attacks require interaction with the client at the time of exploitation to defeat the crypto. (I could be totally wrong however as I don’t understand the crypto.) Update 2: Apparently anything captured along with the device handshake can be decrypted after the fact if the attacker learns the password used at that time. (Source: https://www.google.com/amp/s/mrncciew.com/2014/08/16/decrypt...) So to decrypt all traffic an attacker would only need to compromise any machine which has the password saved. (Assuming they see the handshake for the device connection.) This indicates that regularly rotating the password (To something unpredictable) has some limited value. |
|
|