[Freedombox-discuss] What is Freedombox? (Was: CAs and cipher suites for cautious servers like FreedomBox)
Hi. Can't really speak for anyone but my self, but I'll try to answer
anyway, to share my idea about the Freedombox.
[cgw993 at aol.com]
> Sorry for the basic question but is Freedombox considered to be a
> collection of hardware or software or is it the name of the project
It is a project and a vision to create a home server allowing its users
privacy and securicy for its data and communcation. Part of the project
os to integrate or build the software needed for this, and part of the
project is to find/create a useful hardware platform to make it easy for
non techincal people to get access to the Freedombox solution.
> Q #2 - Would it be essentially impossible or completely impractical
> for the freedombox to contain only free software, the firmware,
> drivers, algorithms, code, everything free? The device cannot be
> secured if it contains any non free software(code, firmware,
> libraries, anything) right?
It is an expressed goal of the project to find a hardware platform
without any non-free parts.
> Q #3 - Does the Free Software Foundation approve of the Freedombox?
No idea if any one asked them, nor what their view on Freedombox is.
> Again, not an expert in this subject at all, but since we are talking
> about security I wanted to bring up WEP. My limited understanding of
> WEP is that it was an insecure encryption method used a decade or more
> ago and is still offered on many routers. The vulnerability as I
> understand it was that the router would broadcast part of the key
> itself along with something else at a certain interval, I would guess
> many times per second. After a short while, the router would
> broadcast a different part of the key and then eventually if you
> listened long enough you would have all the parts to the key. During
> the broadcast of these key pieces, was the order of the key characters
> preserved so that assembling the original key was a relatively simple
> matter if you listened long enough? If the answer to that is yes, is
> the reason that this extremely obvious vulnerability was not
> discovered because the algorithm used and/or the code was not made
> available for the public to view? It almost seems like an intentional
> hole in the security.
No idea about this. Do not track the details of Wifi security.
Personally I use an open WIFI network, and focus on securing the hosts
instead. No WIFI key to protect that way. :)