Security Basics mailing list archives
Re: Dumb question abt. Wireless WEP security 2 - ssl
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Sun, 25 Jan 2004 13:24:50 -0800 (PST)
hi ya hth
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi! As per my understanding, the SSL channel - will not be compromised in case the password is discovered. Of course - in such a case you don't need to do any kind of sniffing etc, u can directly log in! but technically - the 48 byte passphrase used to encrypt the SSL connection (which uses a pre-determined encryption algo (RSA,DES etc)) is exchanged between the the server and the client before the https connection can be setup.
wireless communicatins is done with 40bit rc4 cipher... NOT ssl ... rc4 has been broken back in feb 2001 by simple brute force, and/or by people using dictionary or trivial passwords even if you use wireless w/ ssh or ssl ... your encrypted ssh/ssl data is ( wirelessly ) sniffed and decryptable since your initial passwd/pass phrase was also sniffed c ya alvin
ssh/ssl encryption doesnt help if you use insecure passphrases or an exploitable ssh daemon/clients (wireless stuff) wep is cracked ... more wireless fun http://www.Linux-Sec.net/Wireless/
--------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Dumb question abt. Wireless WEP security 2 D.E. Chadbourne (Jan 21)
- Re: Dumb question abt. Wireless WEP security 2 Paul Kurczaba (Jan 21)
- Re: Dumb question abt. Wireless WEP security 2 Alvin Oga (Jan 22)
- RE: Dumb question abt. Wireless WEP security 2 Prasad S. Athawale (Jan 26)
- Re: Dumb question abt. Wireless WEP security 2 - ssl Alvin Oga (Jan 26)
- RE: Dumb question abt. Wireless WEP security 2 - ssl Prasad S. Athawale (Jan 26)
- RE: Dumb question abt. Wireless WEP security 2 - ssl Random Task (Jan 27)
- Re: Dumb question abt. Wireless WEP security 2 Alvin Oga (Jan 22)
- Re: Dumb question abt. Wireless WEP security 2 Paul Kurczaba (Jan 21)