just a note on WEP...While it is better than nothing at all, it's becoming all too common. At least consider WPA or better, WPA2, if your equipment will handle it.
That said, in comparison, the systems used with Wi-Fi (WES, WPA, WPA2) are fairly weak and they can be broken but it does take some work and doing it is beyond and "average" home computer user. The security available to Wi-Fi users isn't perfect but it is "good enough".
Yes, EXACTLY! So if you're doing Wi-Fi using ONLY one of these protocalls to provide protection, then you're on shaky ground. But most people use a browser when using Wi-Fi to access the internet, and when you browse to a secure site, the browser will then switch to https mode (just look at your URL line if your not sure). This will TUNNEL SSL (which is very heavily encrypted) inside the Wi-Fi encryption. You're quite safe at that point.
So I guess that begs the question - Is wifi encryption simply to keep others from using your access point or is it to "protect" your valuable internet surfing from prying eyes? I've always seen it as a way to prevent others from connection and consider my valuable information protected by superior protocols (VPN and/or SSL).
Dave
Life doesn't come with a safety fence around it... enjoy it anyway.
Public Key/Private Key encryption, as seen in SSL (HTTPS web pages) is pretty secure for what most humans do. We don't need to protect our data forever, we just need to protect it until it is no longer useful. For most things that is about a year, ie you do change all your important passwords at least once a year, right?
The biggest issue with the internet (be it wireless or wired) is the man in the middle attack. Several methods exist to do this but the easy way to think about it is, SSL is only as good as the site you use it to connect to. If I make a site and convince your computer to talk to me to get anything you need, and give you an encrypted connection, you think you are doing well. The reality is, when you type your password in for your bank, I capture the password and then pass it through. Then I present the banks output back to you. You don't even know I'm there.
But to somehow assume that the US mail is secure is quite funny.
Don't take your organs to heaven. Heaven knows we need them here.
----------------
2007 National Surf Side 34DE. Full timing since 1/06/08
2007 Toyota Matrix Da Toad
That said, WEP was a rather weak encryption, effectively only 40 bits. WEP was replaced by WPA, which uses 128-bit keys in 2003. Unless you have old equipment, you are probably using WPA2 which is 256-bit and could, in theory be broken by a petaflop super computer in a couple months.
* This post was
edited 08/18/08 06:56pm by an administrator/moderator *
That said, WEP was a rather weak encryption, effectively only 40 bits. WEP was replaced by WPA, which uses 128-bit keys in 2003. Unless you have old equipment, you are probably using WPA2 which is 256-bit and could, in theory be broken by a petaflop super computer in a couple months.
encrypt |en'kript|
verb - trans.
convert (information or data) into a cipher or code, esp. to prevent unauthorized access.
encrypt |en'kript|
verb - trans.
convert (information or data) into a cipher or code, esp. to prevent unauthorized access.
Creeper,
You need to be careful taking dictionary definitions and applying them to a application (field of cryptography) that has developed a very specific use of some words that have less exact meaning in general use.
For example, cipherandcode are included in the definition because they are different.
In a discussion about WiFi encryption, the mention of the WWII "code talkers" was a red hearing. The code talkers, or any language for that matter, is in fact a code. In English we encode a four legged thing that go "meow" with the letters "cat". Everyone that wants to use a code needs a list of words or phrases and their codes. For example "General" >> 1234, "Tank" >> 5395, "tanker" >> 5934
This is different than say a Caesar cipher.
Back to the OP, yes, the encryption used by WiFi may be able to be broken, but why bother, there are so many open WiFi link? In fact I would contend that the real reason to encrypt a WiFi link is to keep other users from using your web access for nasty purposes.
Unless you have an ex-wife after you, why would someone attack your computer and get 1 ID when they could (have) go after a computer that has info on 100s of cards/accounts? As it turns out many store have computer systems/networks that are no more secure than you PC.
Lou
1959 Streamline 28'
Starband on a tripod
1960 Avion H-24 - gone to a better place
Quote: Most hackers won't bother because there are too many open wifi systems.
...yep...why would the average hacker/white-collar criminal ever want to attempt to decipher someone's even weakly encrypted wifi or https communications?
Wouldn't it be easier to let the fly go to the honey (i.e. rootkits disguised as a freeware; a free open wifi Venus fly-trap)?
Offline
