On Mon, Apr 02, 2007 at 08:38:55AM -0500, Chris Black wrote:
> Joachim Schipper wrote:
> > On Mon, Apr 02, 2007 at 10:53:50AM +0800, Lars Hansson wrote:
> >
> >> Joachim Schipper wrote:
> >>
> >>> All in all, I might choose OpenVPN if it involved end users (lots of
> >>> NAT, Windows, and o
Joachim Schipper wrote:
> On Mon, Apr 02, 2007 at 10:53:50AM +0800, Lars Hansson wrote:
>
>> Joachim Schipper wrote:
>>
>>> All in all, I might choose OpenVPN if it involved end users (lots of
>>> NAT, Windows, and other crappy stuff),
>>>
>> OpenVPN isn't exactly awesome on Windows
On Mon, Apr 02, 2007 at 10:53:50AM +0800, Lars Hansson wrote:
> Joachim Schipper wrote:
> >All in all, I might choose OpenVPN if it involved end users (lots of
> >NAT, Windows, and other crappy stuff),
>
> OpenVPN isn't exactly awesome on Windows.
No, but 'not exactly awesome' is pretty much a g
mail-lists wrote:
This would be great. However, I've yet to find an IPsec client that's
'easy' to set up.. ie. an end user can do it. Perhaps you know of a good
way to solve this issue? I'd love to hear it!
TheGreenbow.
---
Lars Hansson
Joachim Schipper wrote:
All in all, I might choose OpenVPN if it involved end users (lots of
NAT, Windows, and other crappy stuff),
OpenVPN isn't exactly awesome on Windows.
---
Lars Hansson
On Sat, Mar 31, 2007 at 03:03:06PM +1000, Sunnz wrote:
> So both OpenVPN and Ipec are VPN? Which one is more secure? If I have
> UNIX(like) OS only in my network which one can be used?
Yes, they can both be used to implement VPNs. Most operating systems
have some degree of support for IPsec, and O
Actually...
16^40
1461501637330902918203684832716283019655932542976
60^27
1023490369077469249536000
Most advice I get from people are 8 characters or more... this is
stronger than 27 alphanumeric characters.
Yea, end of discussion...
Let's talk about VPN!!! :D
So both
On 30-Mar-07, at 10:58 AM, Sunnz wrote:
But would any hacker actually try to brute force it by 16 character of
from length 1 to length 40? Maybe I only used 16 possible characters
instead of 60, but it is a really long key.
$ bc
16^40
1461501637330902918203684832716283019655932542976
60^30
221
On Fri, 30 Mar 2007 08:45:44 -0500, mail-lists wrote
> > Openvpn
>
> Unless I'm mistaken Openvpn is not equal to Ipsec
good enough to accomplish the job securely. Better than ipsec if you have no
control of the network you are on, i.e. you are a mobile user who happens to
be on a wireless ne
Darren Spruell wrote:
On 3/30/07, mail-lists <[EMAIL PROTECTED]> wrote:
> Openvpn
Unless I'm mistaken Openvpn is not equal to Ipsec
Depends on what you mean by "equal to" - OpenVPN makes use of SSL/TLS
rather than the transport protocols IPsec employs, but they are of
similar equivalence
On Thu, 29 Mar 2007 22:12:35 +0200 (CEST), Siegbert Marschall wrote
> Well,
>
> > I'd be more scared of the hacker that can bypass wep,
> >
> > than the average joe without wep.
> >
> > The hacker knows how to exploit your wep-decrypted network traffic,
> >
> > the average joe doesn't even if it w
On Fri, 30 Mar 2007 07:41:35 -0500, mail-lists wrote
> > Why bother adding WPA when you can turn many wlan cards into AP-mode and
> > have an OpenBSD box serve wireless computers with IPsec capabilities.
> > You then have an AP with many more capabilities than any
> > linksys/netgear/whatever AP.
>
But would any hacker actually try to brute force it by 16 character of
from length 1 to length 40? Maybe I only used 16 possible characters
instead of 60, but it is a really long key.
And I suppose the the hash could be converted to 36 characters
[a-z0-9] if I am really paranoid?
2007/3/30, Jere
On 30-Mar-07, at 7:03 AM, Sunnz wrote:
You mean you can choose an unlimited set of characters as the key??
What I meant was that you're only choosing from [a-f0-9] when you
could use characters from the whole alphabet, upper and lowercase as
well as punctuation. I can't claim to understand
On 3/30/07, mail-lists <[EMAIL PROTECTED]> wrote:
> Openvpn
Unless I'm mistaken Openvpn is not equal to Ipsec
Depends on what you mean by "equal to" - OpenVPN makes use of SSL/TLS
rather than the transport protocols IPsec employs, but they are of
similar equivalence in terms of security. O
mail-lists wrote:
>> Openvpn
>
> Unless I'm mistaken Openvpn is not equal to Ipsec
>
You are not mistaken. Openvpn uses SSL over regular IP packets with its
own server/client setup on a dedicated port (1194). IPSec is a different
protocol (proto esp rather than tcp or udp). We moved from an
isa
Openvpn
Unless I'm mistaken Openvpn is not equal to Ipsec
mail-lists([EMAIL PROTECTED])@Fri, Mar 30, 2007 at 07:41:35AM -0500:
> >Why bother adding WPA when you can turn many wlan cards into AP-mode and
> >have an OpenBSD box serve wireless computers with IPsec capabilities.
> >You then have an AP with many more capabilities than any
> >linksys/netgear/wh
Why bother adding WPA when you can turn many wlan cards into AP-mode and
have an OpenBSD box serve wireless computers with IPsec capabilities.
You then have an AP with many more capabilities than any
linksys/netgear/whatever AP.
This would be great. However, I've yet to find an IPsec client that'
sure I have that file on all my computers... should be random and
> long enough?
>
> 2007/3/30, Damon McMahon <[EMAIL PROTECTED]>:
>> > From: "Nick !" <[EMAIL PROTECTED]>
>> > Date: 29 March 2007 2:16:31 PM
>> > To: OpenBSD-Misc
>&g
Eric Dillenseger <[EMAIL PROTECTED]> writes:
> Why bother adding WPA when you can turn many wlan cards into AP-mode and
> have an OpenBSD box serve wireless computers with IPsec capabilities.
For my own networks, that's exactly what I do.
Trouble is, you will encounter networks run by people w
Hi Henning,
> * Siegbert Marschall <[EMAIL PROTECTED]> [2007-03-29 22:13]:
>> If somebody does something bad with my unencrypted access-point
>> using my internet-access, here in germany I am liable.
>
> no, you're not. it's not that easy. (and I just leave mine wide open)
>
well, I didn't say wha
> > no, you're not. it's not that easy. (and I just leave mine
> wide open)
As far as I know, if you leave it open you're not liable because
you cannot prove who would have strolled by. If you put any
sort of security at all to prevent outsiders it can be reasonably
assumed that you were the pers
On Fri, Mar 30, 2007 at 10:51:23AM +0800, Lars Hansson wrote:
> Jeremy Huiskamp wrote:
> >I'd like to hear an actual developer position on that statement.
>
> Check the archives for Reyk's comments on WPA. It will be in OpenBSD one
> day because, secure or not, it is gaining traction and is/will
On Fri, Mar 30, 2007 at 01:03:32AM +0200, Henning Brauer wrote:
> * Siegbert Marschall <[EMAIL PROTECTED]> [2007-03-29 22:13]:
> > If somebody does something bad with my unencrypted access-point
> > using my internet-access, here in germany I am liable.
>
> no, you're not. it's not that easy. (and
t; <[EMAIL PROTECTED]>
> Date: 29 March 2007 2:16:31 PM
> To: OpenBSD-Misc
> Subject: Re: Long WEP key
>
>
> On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
>
>> Maxime DERCHE wrote:
>> > IMHO you should think to configure your AP to provide a
Jeremy Huiskamp wrote:
I'd like to hear an actual developer position on that statement.
Check the archives for Reyk's comments on WPA. It will be in OpenBSD one
day because, secure or not, it is gaining traction and is/will be
required by many AP's (especially "enterprise" AP's).
---
Lars
ake sure I have that file on all my computers... should be random and
long enough?
2007/3/30, Damon McMahon <[EMAIL PROTECTED]>:
> From: "Nick !" <[EMAIL PROTECTED]>
> Date: 29 March 2007 2:16:31 PM
> To: OpenBSD-Misc
> Subject: Re: Long WEP key
>
>
>
:16:31 PM
> To: OpenBSD-Misc
> Subject: Re: Long WEP key
>
>
> On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
>
>> Maxime DERCHE wrote:
>> > IMHO you should think to configure your AP to provide a WAP-based
>> > encryption...
>>
>> WAP-based
> Right. As long as we understand that it sucks, it's OK to use? I know
> when I think about securing my data I'm interested in keeping only the
> average joes out.
I don't know about you, but I use wireless security as an extra layer.
It might suck, but it keeps the next door neighbour's laptop f
* Siegbert Marschall <[EMAIL PROTECTED]> [2007-03-29 22:13]:
> If somebody does something bad with my unencrypted access-point
> using my internet-access, here in germany I am liable.
no, you're not. it's not that easy. (and I just leave mine wide open)
--
Henning Brauer, [EMAIL PROTECTED], [EMA
From: "Nick !" <[EMAIL PROTECTED]>
Date: 29 March 2007 2:16:31 PM
To: OpenBSD-Misc
Subject: Re: Long WEP key
On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
Maxime DERCHE wrote:
> IMHO you should think to configure your AP to provide a WAP-based
> encryption.
On Thu, Mar 29, 2007 at 10:22:36PM +1000, Sunnz wrote:
> Then is it possible/practical to connect to a VPN machine on your LAN
> and use the VPN's machines connection?
>
> For a simplistic example, say I've got a wireless router gateway, with
> a cable connected OpenBSD server, and I connect to th
Hi,
> I'd like to hear an actual developer position on that statement. I
> read it as a criticism of the way WPA is used more than of the
> protocol itself. As in, it's of little value to encrypt the traffic
> if you allow anybody to access it. If Theo was saying that it sucks
> even when you'r
Well,
> I'd be more scared of the hacker that can bypass wep,
>
> than the average joe without wep.
>
> The hacker knows how to exploit your wep-decrypted network traffic,
>
> the average joe doesn't even if it were plain-text data.
>
it's not always about sniffing something, sometimes it's about
On 29-Mar-07, at 9:59 AM, Nick ! wrote:
Nick ! wrote:
Theo has claimed somewhere that I can never find the link to
http://www.tjrforum.com/archive/index.php/t-2513.html gives a quote
but
I can't find the original source.
I'd like to hear an actual developer position on that statement.
I'd be more scared of the hacker that can bypass wep,
than the average joe without wep.
The hacker knows how to exploit your wep-decrypted network traffic,
the average joe doesn't even if it were plain-text data.
never find the link to
> > that WPA gives a false sense of security anyway.
> >
> I am curious about this too, so if anyone got the link it would be
> great to post it, thanks.
Here you go:
-- Forwarded message --
From: Jon Radel <[EMAIL PROTECTED]>
Date: M
bout this too, so if anyone got the link it would be
great to post it, thanks.
Here you go:
-- Forwarded message --
From: Jon Radel <[EMAIL PROTECTED]>
Date: Mar 29, 2007 1:17 AM
Subject: Re: Long WEP key
To: Nick ! <[EMAIL PROTECTED]>
Nick ! wrote:
Theo has claimed
On 2007/03/29 21:44, Sunnz wrote:
> I am curious about this too, so if anyone got the link it would be
> great to post it, thanks.
>
> So VPN is the way to go if you really want to secure your wireless network?
VPN is good at adding privacy and authentication protection to
transmitted data. I'm n
Then is it possible/practical to connect to a VPN machine on your LAN
and use the VPN's machines connection?
For a simplistic example, say I've got a wireless router gateway, with
a cable connected OpenBSD server, and I connect to the server 's VPN
via the router wirelessly from my laptop.
2007/
Sunnz wrote:
So VPN is the way to go if you really want to secure your wireless network?
VPN only secures traffic to and from the gateway, not *among* machines
connected to the AP. If your AP is OpenBSD then VPN would work but most
off-the-shelf AP's cant act as VPN endpoints and for those WE
I am curious about this too, so if anyone got the link it would be
great to post it, thanks.
So VPN is the way to go if you really want to secure your wireless network?
2007/3/29, Nick ! <[EMAIL PROTECTED]>:
On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
> Maxime DERCHE wrote:
> > IMHO you
On 3/29/07, Darren Spruell <[EMAIL PROTECTED]> wrote:
On 3/28/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
> Care to explain how not using WEP and allowing average joe easy access
> to your AP and network is better than running WEP and preventing him?
No, because I'm not trying to make the point
On 3/28/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
Darren Spruell wrote:
> Right. As long as we understand that it sucks, it's OK to use?
Care to explain how not using WEP and allowing average joe easy access
to your AP and network is better than running WEP and preventing him?
No, because I'
On 3/29/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
Maxime DERCHE wrote:
> IMHO you should think to configure your AP to provide a WAP-based
> encryption...
WAP-based encryption? Do you mean WPA?
And to answer the original question: because OpenBSD doesn't support
WPA, and Theo has claimed som
Maxime DERCHE wrote:
IMHO you should think to configure your AP to provide a WAP-based
encryption...
WAP-based encryption? Do you mean WPA?
---
Lars Hansson
Darren Spruell wrote:
Right. As long as we understand that it sucks, it's OK to use?
Care to explain how not using WEP and allowing average joe easy access
to your AP and network is better than running WEP and preventing him?
Maybe it's OK to run telnetd so long as it's on port 10023 too?
On 3/28/07, Lars Hansson <[EMAIL PROTECTED]> wrote:
Maxime DERCHE wrote:
> There is a thing that I can't understand : why install and configure a
> "secure by default" OS if you use a WEP-based encryption on your Wi-Fi
> network, that anyone can crack in less than an hour ?
Because it adds a min
Maxime DERCHE wrote:
There is a thing that I can't understand : why install and configure a
"secure by default" OS if you use a WEP-based encryption on your Wi-Fi
network, that anyone can crack in less than an hour ?
Because it adds a minimum level of security that unencrypted doesn't?
Sure, it
Hello.
There is a thing that I can't understand : why install and configure a
"secure by default" OS if you use a WEP-based encryption on your Wi-Fi
network, that anyone can crack in less than an hour ?
IMHO you should think to configure your AP to provide a WAP-based
encryption...
Best regards
Yes, you are right, I only add the 0x before the key.
Thanks and Regards
--- Gordon Stratton <[EMAIL PROTECTED]> escribis:
> On 3/28/07, Rafael Morales <[EMAIL PROTECTED]>
> wrote:
> > I have in my /etc/hostname.wi0
> > dhcp NONE NONE NONE nwkey
>
> Rafael,
>
> I've received this error when
On Wed, Mar 28, 2007 at 09:32:44AM -0500, Rafael Morales wrote:
> I have OpenBSD 4.0, and I have troubles trying to
> connect my wireless with my AP.
>
> I have in my /etc/hostname.wi0
> dhcp NONE NONE NONE nwkey
>
> But when I restart the net I see this message:
> sudo sh /etc/netstart
> ifconf
On 3/28/07, Rafael Morales <[EMAIL PROTECTED]> wrote:
I have in my /etc/hostname.wi0
dhcp NONE NONE NONE nwkey
Rafael,
I've received this error when I've tried to set a hexadecimal WEP key
without the leading 0x. Example:
DEADBEEF...
vs
0xDEADBEEF...
Try that and see if it fixes your p
Nick ! wrote:
> On 3/28/07, Rafael Morales <[EMAIL PROTECTED]> wrote:
[..]
> Your symptons are pretty obviously the result of the key being set
> wrong, as you guessed. I don't know what it might be. Try reading the
> /etc/netstart script. By pen and paper, trace the values of variables.
In case y
On 2007/03/28 09:32, Rafael Morales wrote:
> I have OpenBSD 4.0, and I have troubles trying to
> connect my wireless with my AP.
see the nwkey description in ifconfig(8) or wi(4),
your key is too long
> dhcp NONE NONE NONE nwkey
On 3/28/07, Rafael Morales <[EMAIL PROTECTED]> wrote:
I have OpenBSD 4.0, and I have troubles trying to
connect my wireless with my AP.
I have in my /etc/hostname.wi0
dhcp NONE NONE NONE nwkey
But when I restart the net I see this message:
sudo sh /etc/netstart
ifconfig: strings too long
DHCPD
I have OpenBSD 4.0, and I have troubles trying to
connect my wireless with my AP.
I have in my /etc/hostname.wi0
dhcp NONE NONE NONE nwkey
But when I restart the net I see this message:
sudo sh /etc/netstart
ifconfig: strings too long
DHCPDISCOVER on wi0 to 255.255.255.255 port 67
interval 1
DHC
58 matches
Mail list logo
