4 edits | Almost a crack Users using long random passwords have no reason to switch to AES yet.
These type of articles are nothing but FUD. The actual cipher is not broken, but rather a faster way of testing likely keys was found, and given a complex key this is inconsequential.
I think many people here to not realize that even the WEP encryption scheme which was BADLY flawed could offer good protection with the correct key.
with the maximum length key at random using all possible characters it took an ENORMOUS amount of weak IV's. Not the 1 million or so most web example showed with weak passwords but more like 20+ million weak IV's with a long random password, which was very unlikely on all but a few routers (new firmware made this very hard to reach by "packet injection")
In case anyone was wondering the statistical attack time went down as the weak iv count went up.
It would take an intruder months to collect that many weak IV's (depending on your browsing habits) |
