Re: Satellite eavesdropping of 802.11b traffic

[Perry E. Metzger]

"R. A. Hettinga" <[EMAIL PROTECTED]> writes:
> At 12:35 PM -0400 5/27/04, John Kelsey wrote:
>>Does anyone know whether the low-power nature of wireless LANs protects
>>them from eavesdropping by satellite?
>
> It seems to me that you'd need a pretty big dish in orbit to get that kind
> of resolution.
>
> The Keyholes(?) are for microwaves, right?

Dunno if it would work in orbit,, but you can get surprising results
right here on earth using phased arrays.

Vivato is selling very long range phased array equipment as long
range/high quality 802.11 basestations, but you could do precisely the
same trick to eavesdrop instead of to communicate. With enough
computing power, one device could listen in on every 802.11
communication in a very large radius.

I don't know how practical it would be to set up some sort of large
scale phased array in orbit -- I suspect the answer is "not practical
at all" -- but the principle could apply there, too.

Perry

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: The future of security

[Ed Gerck]

Ian Grigg wrote:
...  fundamentally, as Steve suggests,
we expect email from anyone, and it's free.
We have to change one of those basic features
to stop spam.  Either make it "non-free," or
make it "non-authorised."  Hashcash doesn't
achieve either of those, although a similar
system such as a payment based system might
achieve it.
Mind you, I would claim that if we change either
of the two fundamental characteristics of email,
then it is no longer email.  For this reason,
I predict that email will die out (ever so
slowly and painfully) to be replaced by better
and more appropriate forms of chat/IM.
Indeed, email is not so good anymore. When lack of message
security in email becomes clearer to the users, as clear as
spam is today, the value of email will approach zero.
Practically anyone can read the email you send and receive,
your ISP included. What's the fuss with google's gmail? Gmail's
differential is that they do not hide they will search through
your mailbox. Users are realizing that an email is like a postcard,
open for anyone to read and write on it. But encryption and
authentication are a hassle today, with less than 2% of all email
encrypted (sorry, can't cite the source I know).
The problem with current schemes has been that they only work
when both sender AND recipient already use the feature, which
probability is zero in the beginning of adoption. It's a chicken-
and-egg proposition. It is also a change to email. Even though the
existing ideas are sound in principle (e.g., PGP/MIME, S/MIME,
email gateways, etc.) they are all a replacement product with
many barriers for adoption.
Instead of a replacement, I believe that what we need is a
complement to solve the lack of message security in email
(including sender spoofing). Email is just the transport.  The
solution should be able to start from a single end user, should
require no change to records/software that end users do not
control, and should require no cooperation from email providers
and ISPs.
Comments?
Cheers--/Ed Gerck
-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: Satellite eavesdropping of 802.11b traffic

[R. A. Hettinga]

At 12:35 PM -0400 5/27/04, John Kelsey wrote:
>Does anyone know whether the low-power nature of wireless LANs protects
>them from eavesdropping by satellite?

It seems to me that you'd need a pretty big dish in orbit to get that kind
of resolution.

The Keyholes(?) are for microwaves, right?

Cheers,
RAH

-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: ADMIN: 'subscribers only' posting

[Perry E. Metzger]

"Udhay Shankar N" <[EMAIL PROTECTED]> writes:
> Perry E. Metzger said:
>
>> Those of you who habitually post from an address other than the one
>> you are subscribed under can ask me to put you on a special list of
>> people who can post but are not subscribed.
>
> I sympathise. However, some non-zero amount of the traffic on this
> list is being sent through remailers. What happens to that?

I'm afraid that either the remailer owners add their outbound
addresses to the exceptions list I maintain, or the users mail me
directly and ask me to forward their comments, or some such. I dislike
having to do this, but I really had no choice. :(

-- 
Perry E. Metzger[EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Re: ADMIN: 'subscribers only' posting

[Udhay Shankar N]

Perry E. Metzger said:

> Those of you who habitually post from an address other than the one
> you are subscribed under can ask me to put you on a special list of
> people who can post but are not subscribed.

I sympathise. However, some non-zero amount of the traffic on this
list is being sent through remailers. What happens to that?

Udhay
-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]