DJA wrote:
Forget WEP, it's trivial to crack anymore. Use WPA/WPA2 which are now well-supported in Linux (in fact wpa_supplicant works better in Windows
HA! Well-supported. Translated: You can screw around with it for hours and then *maybe* it will work. Don't expect it to recover gracefully from things like momentary disconnects. Don't expect authentication to work all the time. I fought, and fought, and fought (ad infinitum) to get it to work on several adapters; none of them worked well. Which is why I came up with the isolated network and VPN hung off the PIX firewall solution. It's easily cross-platform, since the Cisco VPN client is available for most popular platforms (Solaris, x86{,_64} Linux, winsucks, etc.) and can even coexist with free implementations like freeswan or whatever so your obscure hardware can also work with it. I trust 256-bit AES or 168-bit 3DES IPSEC more than I do WPA and some stupid, obscure EAP scheme. The same thing could probably be done with a PC running freeswan and a second Ethernet board to isolate the network. You also get the added benefit of offloading the encryption to a more powerful processor, since the processors in most access points are garbage.
than the Microsoft version). Wpa_supplicant now fully supports Wireless Extensions so things are easier than ever. Also look at NetworkManager.
Yeah, but it's still up to the individual hardware driver to provide the callbacks to the hardware for this, and some (actually, a lot of) hardware doesn't provide the proper interface to do frame injection or software frame sequencing, which is something upon which WPA depends. If you're doing something like WPA-PSK (which is fairly straightforward) I imagine it will work fine. But when you add some sort of EAP to the mix, things start breaking really quickly. For me, at least, WPA isn't an option right now.
-kelsey

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
