[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: wi-fi security?

In <[🔎] 4A7B1EB8.1030308@physik.blm.tu-muenchen.de>, Johannes Wiedersich wrote:
>Boyd Stephen Smith Jr. wrote:
>> BTW, self-signed certificate != end-to-end security, it is trivial for
>> an attacker to perform a man-in-the-middle attack.
>Except, if it is you who self-signed BOTH certificates (and verify that
>it is still the one you signed), IIUC.

Better to create your own CA and import it into your trust chain.  That may 
not be possible in every environment.  If not, checking the certificate 
fingerprint[1] *every* *time* you establish a connection is an acceptable 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/

[1] And don't use MD5 if your data is more valuable that a top-end video 
card.  Use SHA-1 if you have to; SHA-2 if possible; SHA-3 as soon as it is 

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: