From owner-freebsd-chat Tue Sep 5 11:17:58 2000
Delivered-To: freebsd-chat@freebsd.org
Received: from apoq.skynet.be (apoq.skynet.be [195.238.2.35])
    by hub.freebsd.org (Postfix) with ESMTP id 679D637B423
    for ; Tue, 5 Sep 2000 11:17:55 -0700 (PDT)
Received: from [195.238.1.121] (brad.techos.skynet.be [195.238.1.121])
    by apoq.skynet.be (Postfix) with ESMTP id D589398BF;
    Tue, 5 Sep 2000 20:17:51 +0200 (MET DST)
Mime-Version: 1.0
X-Sender: blk@pop.skynet.be
Message-Id:
In-Reply-To: <200009051734.e85HYBU18656@ptavv.es.net>
References: <200009051734.e85HYBU18656@ptavv.es.net>
Date: Tue, 5 Sep 2000 20:16:11 +0200
To: "Kevin Oberman"
From: Brad Knowles
Subject: Re: affordable wireless
Cc: Vivek Khera , freebsd-chat@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

[Trying to take this to FreeBSD-Chat again, since this has nothing to
do with -STABLE. -Brad]

At 10:34 AM -0700 2000/9/5, Kevin Oberman wrote:

> We can agree that the 40 bit stuff is not worth the trouble. My 128
> bit Lucent card says "128-bit RC-4 encryption". Last I heard, RC-4 was
> not considered a "safe" algorithm.

Looking at my card, I see that you are absolutely right -- it is
128-bit RC4. I am not personally aware of any security weaknesses in
this algorithm, but I agree that it is not widely used, and I believe
that is probably because it is not felt to be as secure as Triple-DES,
CAST-128, or IDEA.

> Also, in any multi-user environment, the secret must be too public. (I
> believe that when I know something, it's secure. When I tell someone,
> it's secret. When someone else is told, it's public.)

True enough, but this is just one level of protection with these
cards. The management stations also have a password to manage them,
and that should obviously be different.
So, you can use a shared password to be capable of accessing the
network via the encrypted link, and a private password to manage the
wireless hub itself.

> Using an encrypted link is fine, but I worry that people will believe
> far too much in its security. (Especially when they see "128-bit".)

Well, it's better than nothing, which is what most people use. In
fact, it's what I'm using right now, because I can't figure out how to
get WaveLAN cards on PCs and WaveLAN cards on Macintosh and the AirPort
with a WaveLAN card to all use the same password hashing scheme so
that I can even use a shared password. ;-(

> If I'm wrong and it is 3DES, never mind! But still use ssh whenever
> possible.

Agreed. Ssh is a Good Thing(tm). It should be used whenever possible.

--
These are my opinions -- not to be taken as official Skynet policy
======================================================================
Brad Knowles,                                || Belgacom Skynet SA/NV
Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124
Phone/Fax: +32-2-706.13.11/12.49             || B-1140 Brussels
http://www.skynet.be                         || Belgium

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
    -Benjamin Franklin, Historical Review of Pennsylvania.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message