20 Aug 2001 andrewsj   » (Journeyer)

Nothing much as far as programming happened today. I have started on my research assistantship for the next semester. This summer I basically learned a lot of the background for cryptography, and now I am going to start my actual job of reading papers, and presenting them to my advisor, and the seminar on occassion. My first paper I have been reading is called "Weaknesses in the Key Scheduling Algorithm of RC4" by Fluhrer, Mantin, and Shamir. It is quite fitting that I am studying this paper, since right now I am typing this entry via an 802.11b network (airport for apple people). 802.11 uses a protocol called WEP, which stands for Wired Equivalent Privacy. The idea was to make the info that is flying through the air as private as wired communication. Well, I don't think wired communication is that secure and it turns out that WEP is not secure at all. These blokes show that recover of the key (which is the secret passphrase that makes the encryption work) can be done in a "negligible amount of time which grows only linearly with its size". Well, I guess I should be careful what I type! A related store was covered @ slashdot, about an intern who implimented this and was about to recover a unknown key in about 2 hours. At that the dickens. I get a wireless network, and now it is up for anyone to use, and snoop.

Well before one loses all sense of dispair, you can impliment a encryption layer over the tranportation layer... Basically you make it so all your wireless stations encrypt via something like SSH all traffic (TCP/IP) going out. Then you have a router (like a linux box) that decrypts and passes it on like a good proxy. I am not doing any of this as I don't think it is an issue as of now, but I know I am not going to be typing account numbers or anything like that on my wireless connection... That is what my roommate's desktop is for ;)

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!