Re: Safe to use https over unsecured wifi hotspot?




From: John
Date: Tues, Feb 14 2006 2:29 pm
Email: "John" <j...@xxxxxxxxxxxxxxxx>
Groups: alt.internet.wireless

What do you do if you get a browser window saying:
"Unable to verify the identity of webmail.somedomain.com as a trusted
site.
[Accept temporarily] [Accept permanently] [Cancel]"
If you click anything other than Cancel you are insecure!

I would just like to know if https is using a stronger or weaker security
than wep/wpa, that's all...


Both WEP and SSL use the RC4 encryption algorithm. WEP's weakness is in
the keying distribution algorithm (or lack thereof). SSL uses X509
certificates to authenticate the server through a trusted third
party to the client. Once authenticated, the client creates a
shared secret session key and sends it to the server encrypted with the
server's public key obtained from the certificate. As long as the
chain of trust is intact for the server's certificate, it is
reasonably safe. WPA uses RC4 encryption as well but is head and
shoulders above WEP because it uses the Temporal Key Integrity Protocol
(TKIP) for an actual key derivation and scheduling algorithm. The only
known feasible attack is when using WPA with a pre-shared key: it is
subject to a dictionary attack, so use good "pass phrase" selection
techniques and it should be reasonably secure.

The above applies to transmission only. Once on your machine, as
another poster states, you need to protect it with a good firewall etc.

So to answer your question:

WEP - no good
WPA - good
HTTPS - good
WPA + HTTPS = better
WPA + HTTPS + VPN = best
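
An added example, not part of the original post: the standard WPA/WPA2 passphrase-to-key mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds), showing why pass phrase selection decides how well a pre-shared key holds up. The guess rate and the sample pass phrases and SSIDs are constructed assumptions.

```python
import hashlib
import math
import string

PBKDF2_ROUNDS = 4096  # fixed by the WPA/WPA2 passphrase-to-PSK mapping


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pre-shared key from a pass phrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA pass phrases are 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA pass phrases are printable ASCII only")
    # The SSID is the salt: the same pass phrase yields a different key
    # on a differently named network.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, dklen=32)


def search_space_bits(passphrase: str) -> float:
    """Upper bound on guessing work if every character were chosen at random
    from the character classes present. Dictionary words are far weaker."""
    pool = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in cls for c in passphrase):
            pool += len(cls)
    if any(c in string.punctuation or c == " " for c in passphrase):
        pool += len(string.punctuation) + 1
    return len(passphrase) * math.log2(pool)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Time to try the whole space at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    ASSUMED_RATE = 1e6  # guesses per second; constructed figure for illustration
    # Constructed sample pass phrases and SSID
    for phrase in ("password", "Tr4vel-mug", "copper lantern visits 19 owls"):
        bits = search_space_bits(phrase)
        print(f"{phrase!r}: PSK {wpa_psk(phrase, 'HomeAP').hex()[:16]}..., "
              f"<= {bits:.0f} bits, "
              f"<= {years_to_exhaust(bits, ASSUMED_RATE):.2e} years")
```

The bit counts are ceilings: a pass phrase built from common words or found in a word list falls long before the random-character bound is reached, which is the dictionary weakness the post refers to.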
