OFF TOPIC: Wireless traffic sniffing
Ian Petersen
ispeters-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Fri Jan 30 20:51:05 UTC 2009
On Fri, Jan 30, 2009 at 12:36 PM, Dave Germiquet
<davegermiquet-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
> I have a question regarding Wireless Traffic sniffing, lets say your
> at a wireless cafe, using an SSL/SSH connection 128 bit whats the
> chances that someone can sniff that connection and see what you are
> doing?
>
> For example, lets say Financial Records, Health Records or Customer Records?
>
> Can this be sniffed pretty easily or should you not even approach
> these type of records?
>
> My first opinion on this would be No, don't even try these type of records.
I always hesitate to give definitive answers to such questions because
my understanding is limited. With that in mind, here is my
understanding anyway.
SSH is safe in this scenario, assuming you're connecting to a host
you've previously connected to in a "safe" manner, and it doesn't ask
you about the server's fingerprint. If SSH asks you about a changed
fingerprint, you should be very suspicious--that's only happened to me
legitimately when a friend swapped out servers behind his public IP
and the fingerprint had actually changed. If SSH tells you it doesn't
know the fingerprint for the server, you need to verify that you're
talking to the right machine before proceeding because you might be
talking to an illegitimate SSH "proxy" that's stealing your data.
SSL is supposed to be safe in this scenario, too, but I have this
niggling feeling that you can't trust the routers, for some reason
but, if that's true, then I think it's a property of all networks, not
just wireless ones. Certainly, once the SSL handshake is over, the
crypto is "strong" and no one's going to crack it in a reasonable time
frame. The handshake might be vulnerable to a man-in-the-middle
attack, or something, though. Here my understanding is too fuzzy to
say anything useful.
Ian
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list