On Thu, 29 Mar 2007 22:12:35 +0200 (CEST), Siegbert Marschall wrote
> Well,
>
> > I'd be more scared of the hacker that can bypass wep,
> > than the average joe without wep.
> > The hacker knows how to exploit your wep-decrypted network traffic,
> > the average joe doesn't even if it were plain-text data.
>
> it's not always about sniffing something, sometimes it's about
> access only.
> If somebody does something bad with my unencrypted access-point
> using my internet-access, here in Germany I am liable.
> If I configure feeble WEP64/40 I am not since there is at least
> some "protection" to be illegally bypassed before the network can
> be used.
>
> Same with your car, leave the door open and the key in the lock for
> everybody even minor to drive and the accident will be your problem
> since the car hasn't been stolen. Lock the car and no matter if you
> can short and open the thing with your fingers only it's a different
> story since the car is "stolen".
>
> So even though WEP is trash, from certain points of view it's as useful
> as a cheap padlock on the garden hood so the next neighbours' children
> don't kill themselves with the axe or whatever is in there. If they
> break the window and get in there, it's their problem. Not that this
> is a lot more difficult than cracking WEP. /pun Cracking windows just
> makes more noise.
>
> Of course this is all a bit simplified but maybe some of the people
> here declaring that WEP is trash and shouldn't be used wake up and
> see that even "trashy" protection has its use as long as it offers
> "some" protection.
>
> -sm

What I'm about to say is from the perspective of someone who uses OpenBSD for a gateway, router, and firewall. I speak from this perspective because the original poster wants to know how to get wep working on OpenBSD. If you use Linksys or some such, this doesn't apply.

If you think wep is good for authentication, i.e. keeping the neighbors out, it would make more sense to use authpf. Authpf is more secure and audited by OpenBSD. I'm sure we can all agree that authpf has not yet been proven to be breakable, but wep has. So why use a cheap padlock when an easy-to-set-up unbreakable one is available?

Now let's talk about speed. With authpf, a person just ssh's to the gateway and now has the same network bandwidth as an unencrypted network (minus the ssh connection of course, but I'm sure that bandwidth is minimal). Someone who uses wep for authentication slows down his bandwidth considerably compared to authpf because each network packet has to be encrypted with an insecure protocol. Also the gateway's and client's cpu resources are increased to make that breakable-in-one-hour encryption. If you have more than one client, the gateway's resources are used up even more.

My advice:

1) OpenBSD gateway, Windows client = OpenVPN (or OpenBSD's ipsec but good luck)
2) OpenBSD gateway, OpenBSD client (or any ipsec compatible client) = OpenBSD's ipsec
3) OpenBSD gateway, whatever client but don't care about encrypting my network traffic = authpf
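
For the authpf option in the message above, a gateway configuration along these lines gates the wireless segment behind an ssh login. This is an added example, not part of the original message; the interface name `ral0` is an assumption, the syntax follows the current authpf(8) manual, and, as the message notes, traffic on the wireless link itself stays unencrypted.

```conf
# ---- /etc/pf.conf (fragment) ----
# Assumption: ral0 is the gateway's wireless interface.
wifi_if = "ral0"

# Default for the wireless segment: nothing gets through.
block in on $wifi_if

# Unauthenticated clients may reach only sshd on the gateway itself,
# which is where the authpf login happens.
pass in on $wifi_if proto tcp from any to ($wifi_if) port ssh

# authpf loads per-user rules under this anchor after a successful login
# and removes them again when the ssh session ends.
anchor "authpf/*"

# ---- /etc/authpf/authpf.rules ----
# Loaded once per authenticated session. authpf defines $user_ip (the
# address the ssh login came from) and $user_id (the login name).
# Macros from pf.conf are not visible here, so the interface is repeated.
wifi_if = "ral0"
pass in quick on $wifi_if from $user_ip to any

# ---- /etc/authpf/authpf.conf ----
# This file must exist for authpf to run; it may be empty.

# ---- account setup ----
# Each wireless user's login shell is set to /usr/sbin/authpf, so an ssh
# login opens the firewall for that address instead of giving a shell.
```

Because the per-user rule is keyed only on the source address, access lasts exactly as long as the ssh session stays open.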