David Wagner said:
> It's not clear to me if WPA products come with encryption turned on by
> default. This is probably the #1 biggest source of vulnerabilities in
> practice, far bigger than the weaknesses of WEP.
Maybe this is the case in the USA but from my own informal surveys in
Helsinki and London I've found that 90% of private WLANs operate with WEP
enabled (FWIW). Those with no WEP often appear to be deliberate,
indicated by 'welcoming' SSIDs. Commercial WLAN operators also typically
choose to deploy with no WEP, controlling access via transparent proxying
or similar methods.
If WLAN systems were supplied supposedly 'secure' out of the box,
consumers might have even less interest in changing defaults. Automated
key distribution at set-up time would likely introduce its own problems.
I'm fairly sure that J. Consumer connecting their home PC to DSL or cable
with no firewall typically expose themselves to greater risk than
deploying 802.11b with no WEP.
cheers,
-thomas
--
Men of lofty genius when they are doing the
least work are most active -- da Vinci
gpg: pub 1024D/81FD4B43 sub 4096g/BB6D2B11=>p.nu/d
2B72 53DB 8104 2041 BDB4 F053 4AE5 01DF 81FD 4B43
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
