Another thing is I can disable SSID broadcast, and in my apartment complex
that would go a long way. When I scan WLAN's, I come up with about 8-10 at
any time, half of which are wide open. If somebody wants to get into a
WLAN, they're going to hit an open one. Next in line would be cracking one
of the encrypted ones. Being that mine wouldn't even come up, it would be
at the bottom of the list. Not a sure protection, but definitely a
deterrant.
On 4/17/07, Katrina Niolet <kniolet@ildiinc.com> wrote:
>
> IMHO if a defense-in-depth approach is used, a wifi connection using wep
> isn't that bad. For instance if the steps of reading your email are:
> 1 Crack wep (easy)
> 2 crack the TLS connection between your email client and server (very
> hard)
> 3 crack the aes encrypted email (more or less impossible)
>
> You would still be pretty darn safe. You just have to make sure your email
> server and clients are using ssl or tls, your intranet uses ssl, etc. Then
> the wifi encryption becomes somewhat of a non-issue. (although having it as
> another layer isn't a bad idea)
>
> --sent from my BlackBerry 8100--
> Katrina Niolet
> kniolet@ildiinc.com
>
>
>
> -----Original Message-----
> From: "Joey Kelly" <joey@joeykelly.net>
> Date: Tue, 17 Apr 2007 08:49:50
> To:nolug@nolug.org
> Subject: Re: [Nolug] bcm43xx-fwcutter
>
> > > I dispute this. WEP is terminally broken, period. When you can crack
> 64-bit
> > > WEP in under 3 minutes, do you think a key only twice as long will
> keep you
> > > safe?
> >
> > Are you implying that a 128 bit key will only take 6 minutes? I am
> > pretty sure that the difficulty in cracking WEP keys increases
> > exponentially using the similar methods as your key length gets
> > longer.
>
> Actually, I was wrong. A 128-bit key (104 bits + 24 bit initialization
> vector) can be cracked in under one minute:
>
> http://eprint.iacr.org/2007/120
>
> http://www.enterprisenetworkingplanet.com/netsecur/article.php/3670961
>
> --
> Joey Kelly
> < Minister of the Gospel | Linux Consultant >
> http://joeykelly.net
>
> (sent via gmail.com, no GPG signature)
> ___________________
> Nolug mailing list
> nolug@nolug.org
>
___________________
Nolug mailing list
nolug@nolug.org
Received on 04/17/07
This archive was generated by hypermail 2.2.0 : 12/19/08 EST