Re: affordable wireless

2000-09-05 Thread Kevin Oberman

Brad,

We can agree that the 40 bit stuff is not worth the trouble. My 128
bit Lucent card says "128-bit RC-4 encryption". Last I heard, RC-4 was
not considered a "safe" algorithm.

Also, in any multi-user environment, the secret must be too public. (I
believe that when I know something, it's secure. When I tell someone,
it's secret. When someone else is told, it's public.)

Using an encrypted link is fine, but I worry that people will believe
far too much in its security. (Especially when they see "128-bit".)

If I'm wrong and it is 3DES, never mind! But still use ssh whenever
possible. 

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]  Phone: +1 510 486-8634


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message



Re: affordable wireless

2000-09-05 Thread Brad Knowles

At 9:11 AM -0700 2000/9/5, Kevin Oberman wrote:

>  Even at 128 bits, WEP encryption is, at best, rather weak. The right
>  answer is to use strong encryption for everything.

If I'm not mistaken, this is actually using Triple DES at 128 
bits, so this is still decently strong.  The problem is that the 
normal WEP key is only 40 bits long, which we know can be cracked in 
a matter of only a few seconds.

>  OpenSSH is now a standard part of FreeBSD. Use it and stop sending
>  clear passwords over the net. Then you don't care about the security
>  of the link, only the end nodes.

OpenSSH is good, and I certainly use it (and other ssh products) 
where possible.  However, it is not a panacea, it cannot be used 
everywhere, and if you can enable additional encryption at the link 
level, then you should certainly do that.

--
   These are my opinions -- not to be taken as official Skynet policy
==
Brad Knowles, <[EMAIL PROTECTED]>|| Belgacom Skynet SA/NV
Systems Architect, Mail/News/FTP/Proxy Admin || Rue Colonel Bourg, 124
Phone/Fax: +32-2-706.13.11/12.49 || B-1140 Brussels
http://www.skynet.be || Belgium

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
 -Benjamin Franklin, Historical Review of Pennsylvania.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message



Re: affordable wireless

2000-09-05 Thread Vivek Khera

> "KO" == Kevin Oberman <[EMAIL PROTECTED]> writes:

KO> OpenSSH is now a standard part of FreeBSD. Use it and stop sending
KO> clear passwords over the net. Then you don't care about the security
KO> of the link, only the end nodes.

But without encryption, anyone can talk to your base station.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message



Re: affordable wireless

2000-09-05 Thread Darryl Okahata

"Kevin Oberman" <[EMAIL PROTECTED]> wrote:

> Even at 128 bits, WEP encryption is, at best, rather weak. The right
> answer is to use strong encryption for everything.
> 
> OpenSSH is now a standard part of FreeBSD. Use it and stop sending
> clear passwords over the net. Then you don't care about the security
> of the link, only the end nodes.

 Very true.  If people want to know why, see:

http://mail-index.netbsd.org/tech-net/2000/02/04/0001.html

--
Darryl Okahata
[EMAIL PROTECTED]

DISCLAIMER: this message is the author's personal opinion and does not
constitute the support, opinion, or policy of Agilent Technologies, or
of the little green men that have been following him all day.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message



Re: affordable wireless

2000-09-05 Thread Darryl Okahata

"Sameer R. Manek" <[EMAIL PROTECTED]> wrote:

> Does anyone have any suggestions on how to have 802.11 wireless for home
> users? Naturally it should be supported by FreeBSD. Configuruation can be
> done on any pc os though.
> 
> My only affordable solution so far is to use the Apple AirPort base station,
> and wavelan pcmcia cards, but I don't know if they can co-exist, and the
> AirPort needs a Macintosh to configure. My idea of affordable for this is
> less then $500, the lucent wavelan solution works out to about $900 startup,
> that's a little out of my budget.

 Just to let everyone know: I should be getting a TechWorks
(Buffalo) AirStation in the next couple of days, and I'll be adding it
to my FreeBSD Wireless documentation.  A co-worker got one, and we
played with it briefly; it doesn't look too bad.  It's an actual base
station (does not work in ad-hoc mode).  I don't know if it supports
NAT/DHCP though, although bridging appears to work fine.  Other
comments:

* Configuration is done via a web browser (bleah).

* Only supports 40-bit encryption.  Don't know if it's like the AirPort
  when it comes to the 128-bit encryption upgrade, though.

* Keys can be entered as hex (yes!).

* The $279 model doesn't have a modem.  With a modem, it's $299 (the
  same as the AirPort).

* It works fine with my Lucent Orinoco (WaveLan) gold card (we didn't
  try enabling encryption, though).

--
Darryl Okahata
[EMAIL PROTECTED]

DISCLAIMER: this message is the author's personal opinion and does not
constitute the support, opinion, or policy of Agilent Technologies, or
of the little green men that have been following him all day.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message



Re: affordable wireless

2000-09-05 Thread Kevin Oberman

Even at 128 bits, WEP encryption is, at best, rather weak. The right
answer is to use strong encryption for everything.

OpenSSH is now a standard part of FreeBSD. Use it and stop sending
clear passwords over the net. Then you don't care about the security
of the link, only the end nodes.

R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]  Phone: +1 510 486-8634


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-stable" in the body of the message