ultimately, no matter what the encryption scheme people can krack it,
particularly if they don't need the info in real time and can let a
computer(s) bang away with it for awhile. whith todays machines most
cryptography isn't that great. any encryption scheme can be broken by
brute force, and with many encryption schemes people will have your key
as soon as they decrypt something. if you really need security (like
for banking, or business secrets) nothing is as secure as a wire of
fiber optic cable. it may take 2 days of airport traffic to easilly
break the key, but the 2 days of traffic probably just makes it a
trivial cracking exercise, someone willing to put more processor time
into it could crack the network with far less traffic, possibly quickly
enough to get your data even if you change your key periodically.
sadly, the nsa has pressured companies into using weak encryption and
often back doors on there software. none of the banks outside the U.S.
will use U.S. encryption programs for just this reason. infact, the nsa
had a deal with a swiss encryption company and has been reading the most
secret communications of about 150 countries for decades before the
truth was learned. encryption is just like any other security device,
it deters the casual person but a determed expert can always bypass it.
as an example, i've met someone who was very good at breaking into
jewelry stores, usually when he was drunk, the alarms never went off but
they found him passed out the next morning, this happened several times.
if someone can defeat good alarms, even when almost unconscious just
think what someone sober could do. a firewall does nothing to protect
your wireless network, an intruder can pretend to be one of your
machines, the wireless hub doesn't really know where things come from
except by where they claim to be from. making the wireless part a
subnet won't really help either. also, key length doesn't necessarily
coincide with security, a long key that's redundant or not very random
may provide less security than a shorter key that is more random. the
choice of encryption algorithm makes far more difference than the key
length in terms of how hard it is to crack. unfortunately, given the
wireless data is in ethernet format there are parts of the message that
the code breaker knows something about, like the ip numbers and other
house keeping info, this is of great help to the code breaker. you can
bet any wireless hub made in the us has bad encryption and or a back
door, in fact law enforcement has succesfully argued against better
encryption for cell phones, and motorola has a patent on a way to make
rerouting and monitoring invisible to the user. fact is the goverment
wants to be able to easilly crack any message or data, personal or
business, and wants especially to be able to decrypt any wireless
transmissions. it's a sad state of affairs. the justification is
usually the "need" to stop terrorist etc., but i'd say the loss of
business secrets has a far greater inpact on national security. the
problem is not that i'm paranoid, but that goverment agencies are so paranoid.
Ian Sidle wrote:
>
> --
> I've heard of the horrible security on these things, even with the
> encryption turned on. it takes about 2 days (with the base station
> sitting alone) for it to send enough packets for the key to be
> figured out. There was several articles on slashdot about it.
>
> anyhow, I would like to know if there are base stations that will
> only transmit data that is on its subnet? I allready have a network,
> and my linux box (ipmasq(nat)-well its now iptables...sorta,
> firewall,file server,etc) is already on 24/7 for security,allow
> others on,etc.
>
> So I was thinking of putting the base station on its own subnet, and
> talk to the linux box through some sort of a firewall and
> eventually/preferably through a vpn of some sort. I already have a
> network, and is too much to get another card just for the base
> station. So this is kinda a multi-part question..
>
> I do NOT have a base station yet. Know of any good one's, preferably
> with encryption (that works with mac's, I think its limited to 40
> bit),mac address limits,etc. Please list what it has..
>
> preferably does NOT have a modem or nat (often called a "gateway"),
> for I have no need (my linux box is already doing it).
>
> I am willing to go with nitty griddy stuff. For example, it doesn't
> have to come with mac software. It doesn't even have to have a
> webpage, if it can be configured by console. Just need to be able to
> be configured SOMEHOW. I have access to windoze machines if needed
> for the software configuration.
>
> Summary
> So I'm looking for the best deal of a base station, which "base
> station". I want/need the most security possiable. It can be apple or
> otherwise. Detail's, experiences,etc. I asked the subnet question to
> the ibook list and didn't get an answer. The macnetwork is probably
> more appropriate sense you would know how a network works.
--
MacNetwork is sponsored by <http://lowendmac.com/> and...
XRouter Pro | Share your DSL or cable modem between multiple computers!
Dr. Bott | Only $199 <http://www.drbott.com/prod/MIH130.html>
Now shipping! Farallon Wireless SkyLINE PCI Card for Mac Desktops!
<http://www.farallon.com/le/skyline/pci/index.html>
Support Low End Mac <http://lowendmac.com/lists/support.html>
MacNetwork list info: <http://lowendmac.com/lists/macnet.html>
Send list messages to: <mailto:[EMAIL PROTECTED]>
To unsubscribe, email: <mailto:[EMAIL PROTECTED]>
For digest mode, email: <mailto:[EMAIL PROTECTED]>
Subscription questions: <mailto:[EMAIL PROTECTED]>
Archive: <http://www.mail-archive.com/macnetwork%40mail.maclaunch.com/>
Using a Macintosh? Get free email and more at Applelinks!
<http://www.applelinks.com>
