Quote:
Originally Posted by Thomas Clark
The robot itself runs an unprotected FTP server. I really fear someone exploiting this, and I've already demonstrated that this is possible (no, I won't post the code). IMHO, they should either use a password, or, better yet, use encrypted SSH file transfer (SFTP).
|
This thread is very likely to go the same route as your posts in the other thread did.
Having said that I will repeat my claim that the robot is protected by WPA encryption when on the field. WPA encryption has not been fully cracked to my knowledge, although there are vulnerabilities with the handshaking which allow for offline dictionary attacks. I don't recall the exact length or nature of the keys in use but I believe they are randomly generated keys that at the very least contain lower case, upper case and digits. A key generated in this fashion, even of the minimum 8 characters, should take far too long to brute force unless you are extremely lucky.
If I am wrong and you have a way to crack a WPA key in a timeframe that would be useful for attacking the FRC network please let me know what it is via PM and I will gladly test it and agree with you after confirming it works.
An FTP password would either be obnoxious for teams (randomly generated) or more vulnerable to a dictionary attack than the WPA key (team chosen)