Re: airport / pcmcia ?

To: debian-powerpc@lists.debian.org
Subject: Re: airport / pcmcia ?
From: Michel Lanners <mlan@cpu.lu>
Date: Fri, 24 Aug 2001 08:17:10 +0200 (CEST)
Message-id: <[🔎] 200108240617.IAA00798@piglet.grunz.lu>
Reply-to: mlan@cpu.lu
In-reply-to: <[🔎] 3B8174B3.D28E71E4@netfall.com>

Hi all,

On  20 Aug, this message from Andrew Sharp echoed through cyberspace:
> Colin Walters wrote:
>> 
>> Michael Flaig <mflaig@uni.de> writes:
>> 
>> > Well ... no encryption is bad :-( Everyone with a laptop in front of
>> > my door could sniff my network, or isn´t it so easy ?
>> 
>> As I understand it, WEP is bad becuase the key size is far too small.

No, it is mostly because it is implemented _wrong_. There are a few
drawbacks in the potocol spec, that is what makes WEP a joke.

Have a look here:

http://slashdot.org/article.pl?sid=01/08/09/1758200&mode=thread
http://www.cs.rice.edu/~astubble/wep_attack.pdf
http://slashdot.org/article.pl?sid=01/07/27/1734259&mode=nested

>> This means an attacker would only have to make a slight amount of
>> effort to break the encryption through brute force.

Not brute force (well not really... it's not about trying every possible
key one after the other), but simply by listening to wireless traffic,
and extracting information out of it as it goes by.... Have a look here
for tools that do the crack for you:

http://airsnort.sourceforge.net/
http://sourceforge.net/projects/wepick

> Which is better than no encryption, hello.

Right. WEP still prevents casual sniffing, and easy wireless net
hijacking. However, your neighbour in the apartment next to you could
still _easily_ crack your net in no time.

> Also, the key size is
> not fixed but only depends on how you set it up.  A key size of 40
> bits prevents casual sniffing of your "conversations" while not
> adding significant cost to the parts.  A key size of 128 bits
> prevents any timely cracking of your network traffic,

No, that is not true anymore, as has been pointed out.

I'd suggest these steps to secure an 802.11 network (in increasing
efficiency):

- use hard-to-guess network names
- use WEP
- use MAC-based access-control

these three should really be the base line

- use application-level encryption or a strongly encrypted tunnel

Cheers

Michel

-------------------------------------------------------------------------
Michel Lanners                 |  " Read Philosophy.  Study Art.
23, Rue Paul Henkes            |    Ask Questions.  Make Mistakes.
L-1710 Luxembourg              |
email   mlan@cpu.lu            |
http://www.cpu.lu/~mlan        |                     Learn Always. "

Reply to:

Follow-Ups:
- Re: airport / pcmcia ?
  - From: Andrew Sharp <andy@netfall.com>

References:
- Re: airport / pcmcia ?
  - From: Andrew Sharp <andy@netfall.com>

Prev by Date: Re: Sound and KMail
Next by Date: PPP (was: Xpmac on Powerbook 1400c)
Previous by thread: Re: airport / pcmcia ?
Next by thread: Re: airport / pcmcia ?
Index(es):
- Date
- Thread