Worst answer in the world...it all depends on how you've set it up. Yeah, if you put ssl at 128 bit, your chances are at best on average someone brute forcing at 2^64 tries. If you stay well uptodate on ssl versions, patches, and security "flaws", that's about the best you can do to seal holes. However, always look into updated dependencies that ssl uses as from what i can remember those are usually how people get in. The reason i say it all depends on how you set it up is that (and correct me if i'm wrong b/c i haven't looked into it for a while) there are known attacks that greatly help someone break the ssl code such as the million message attack where the server will actually tell you or give you a pretty good idea of what the error was in your transmission...of course you can and definitely should turn these off.
Intercepting a wireless transmission is obviously a thousand times easier than intercepting wireless and much less obvious...i figure seeing someone plugged into your switch sitting next to you makes it pretty obvious that they're sitting around watching you. Honestly, if i was gonna do something to use your net connection, i'd try to get all your wireless packets routed in through me and just do a man in the middle attack so that, at least while you're there, i could get on. what happens after they login though...is that garbage still encrypted...like are they just given a private key for wireless transmissions or what? ---------------------------------------------------- Adam Newhard Microstrain, Inc. If vegetarians eat vegetables, watch out for humanitarians ----- Original Message ----- From: "Craig Brauckmiller" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 08, 2003 1:33 PM Subject: HTTPS - How hard to decrypt? > > > We have begun rolling out wireless cards to our VP laptops. We have also > purchased T-Mobile Hotspot accounts for them to use in such places as > Starbucks, American Admiral's Clubs, etc. > > >From my testing, the user name and password entry screen that TMobile > requires you to fill in before they will allow you to do any type of > surfing. > > The login page does use HTTPS, so I assume the user name and password are > encrypted when the user submits the page. > > How hard is it to decrypt SSL based traffic over a wireless link or wired > for that matter? Is it something trivial, or would it take some time to > break? I just worry about a hacker hanging out at Starbucks and snagging > a user name and password for free internet access. > > Thanks > > Craig Brauckmiller > > -------------------------------------------------------------------------- - > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! > The Gartner Group just put Neoteris in the top of its Magic Quadrant, > while InStat has confirmed Neoteris as the leader in marketshare. > > Find out why, and see how you can get plug-n-play secure remote access in > about an hour, with no client, server changes, or ongoing maintenance. > > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm > -------------------------------------------------------------------------- -- > > --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
