On Tue, Jul 08, 2003 at 05:33:02PM -0000, Craig Brauckmiller wrote: > We have begun rolling out wireless cards to our VP laptops. We have also > purchased T-Mobile Hotspot accounts for them to use in such places as > Starbucks, American Admiral's Clubs, etc. > > >From my testing, the user name and password entry screen that TMobile > requires you to fill in before they will allow you to do any type of > surfing. > > The login page does use HTTPS, so I assume the user name and password are > encrypted when the user submits the page. > > How hard is it to decrypt SSL based traffic over a wireless link or wired > for that matter? Is it something trivial, or would it take some time to > break? I just worry about a hacker hanging out at Starbucks and snagging > a user name and password for free internet access.
SSL itself, even if it uses only 40 bit encryption is quite hard to decrypt. The "normal" Hacker, hanging out in Starbucks will quite sure be unable to achieve anything. The danger with any such encryption protocol lies in the layers below. Most important is to ensure that you are connected to the right partner (to avoid man in the middle attacks). Therefore _always_ check if the signature of the ssl-key belongs to the computer you want to connect to. Check out the help feature of your browser to find out how to get information about the actually used ssl-key. Florian Streck -- If you stick your head in the sand, one thing is for sure, you're gonna get your rear kicked.
pgp00000.pgp
Description: PGP signature
