Comments on: Open, yet encrypted Wi-Fi http://stealthisidea.com/articles/encrypted-wifi/ Philip Haine's articles on Product Vision, Innovation and Design Tue, 06 Dec 2011 23:38:16 +0000 hourly 1 http://wordpress.org/?v=3.3 By: Ryan http://stealthisidea.com/articles/encrypted-wifi/comment-page-1/#comment-7918 Ryan Wed, 18 May 2011 14:48:51 +0000 http://stealthisidea.com/articles/encrypted-wifi/#comment-7918 Having your wifi "encrypted" is not a solution. If someone is going to do bad things, they're going capture your encrypted packets, use aircrack-ng, and decrypt them. That's easy with WEP; it's quite difficult with WPA if you have a good password. An open ssh tunnel is really the only solution for a secure connection; however, there is another option; encrypt your email with 4096 RSA (which is over kill, with GNUPGP, which is free, and don't worry about who gets it. www.gnupg.org/ Also, don't trust Windows for anything that requires security. Mac is not much better. Having your wifi “encrypted” is not a solution. If someone is going to do bad things, they’re going capture your encrypted packets, use aircrack-ng, and decrypt them. That’s easy with WEP; it’s quite difficult with WPA if you have a good password. An open ssh tunnel is really the only solution for a secure connection; however, there is another option; encrypt your email with 4096 RSA (which is over kill, with GNUPGP, which is free, and don’t worry about who gets it. http://www.gnupg.org/ Also, don’t trust Windows for anything that requires security. Mac is not much better.

]]> By: boR http://stealthisidea.com/articles/encrypted-wifi/comment-page-1/#comment-2481 boR Thu, 14 May 2009 06:07:04 +0000 http://stealthisidea.com/articles/encrypted-wifi/#comment-2481 There's ipsec, which is part of ipv6, the next generation ip protocol. IPSec allows x.509-based encryption, which could be negotiated without the need to enter a password using the same kind of key exchange technologies used by e-commerce worldwide. The problem with the widespread implementation of ipsec at the moment is that Microsoft is up to its usual "embrace and extend" games with its (unnecessary and unhelpful) proprietary extensions to ipsec. There’s ipsec, which is part of ipv6, the next generation ip protocol. IPSec allows x.509-based encryption, which could be negotiated without the need to enter a password using the same kind of key exchange technologies used by e-commerce worldwide. The problem with the widespread implementation of ipsec at the moment is that Microsoft is up to its usual “embrace and extend” games with its (unnecessary and unhelpful) proprietary extensions to ipsec.

]]> By: Philip Haine http://stealthisidea.com/articles/encrypted-wifi/comment-page-1/#comment-2480 Philip Haine Thu, 14 May 2009 01:48:21 +0000 http://stealthisidea.com/articles/encrypted-wifi/#comment-2480 Thanks boR, for the tips. This will be of benefit to those who really need it. However this is in no way easy for regular people. It also requires having a machine at home for this task. It adds more steps in the chain that can break. The machine must be on (consuming power) and the server running. It also requires sending all traffic through your home machine, adding overhead. We still need open, yet encrypted WiFi from the café table to the café router, and that it should be completely automatic. Your mom could open her MacBook and surf privately. It's been two years since I posted this article. Is this on the horizon anywhere? Thanks boR, for the tips. This will be of benefit to those who really need it.

However this is in no way easy for regular people.

It also requires having a machine at home for this task. It adds more steps in the chain that can break. The machine must be on (consuming power) and the server running. It also requires sending all traffic through your home machine, adding overhead.

We still need open, yet encrypted WiFi from the café table to the café router, and that it should be completely automatic. Your mom could open her MacBook and surf privately.

It’s been two years since I posted this article. Is this on the horizon anywhere?

]]> By: boR http://stealthisidea.com/articles/encrypted-wifi/comment-page-1/#comment-2477 boR Wed, 13 May 2009 22:33:14 +0000 http://stealthisidea.com/articles/encrypted-wifi/#comment-2477 I'm commmenting on this even though it's old because it is at the top of my google search results: Use OpenSSH. You can encrypt all of your network connections for free, very easily. There are many, many articles online on how to do this, but I'll give you some tips: If you use windows, consider getting cygwin. If you use a mac, you are okay. Set up an ssh server at home, register a dyndns address on your router, and have your router forward port 22 to your ssh server. Then, tunnel. You can use -w or -D, it's really a matter of style. Lock down sshd.conf by allowing public key access only - this will stop the bots from getting into your ssh server. I’m commmenting on this even though it’s old because it is at the top of my google search results:

Use OpenSSH. You can encrypt all of your network connections for free, very easily. There are many, many articles online on how to do this, but I’ll give you some tips:

If you use windows, consider getting cygwin.

If you use a mac, you are okay.

Set up an ssh server at home, register a dyndns address on your router, and have your router forward port 22 to your ssh server.

Then, tunnel. You can use -w or -D, it’s really a matter of style. Lock down sshd.conf by allowing public key access only – this will stop the bots from getting into your ssh server.

]]>