Lars Nooden wrote:
Although my knowledge about IPsec is sparse, your solution sounds profound to me. But it would require IPsec on Haiku's side, wouldn't it? At the moment there is no IPsec implementation provided by Haiku.
Colin Günther wrote:
Yes, you could use some higher layer security mechanism to protect your data transmission, at least. Still it would be possible for your neighborhood to hijack your wifi connection and surf on your cost and on your identity.
Authentication gateway should deal with that and make the connection unique to specific users. IPsec might give a unique identifier.
There is some documentation about the network stack architecture here: http://www.haiku-os.org/documents/dev/haiku_network_stack_architecture. Packet filtering has still to be implemented, though (not mentioned in the link, just a quick look through the sources).
What kind of packet filter does Haiku use? Are there any notes or documentation online?
Colin Günther wrote:
And IIRC those methods were introduced, due to the debacle with WEP security. Which was rendered as being unsecure rather quickly after its introduction. Which is why WPA/WPA2 were invented. Both ranked high on my todo list :)
They rank high on other people's lists, too. But maybe not on any list it is good to be on. ;)
WPA / WPA2:
http://securityandthe.net/2008/10/12/russian-researchers-achieve-100-fold-increase-in-wpa2-cracking-speed/
http://www.smallnetbuilder.com/content/view/30278/98/
http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf
Nice links!
Mmh, IPv6 isn't implemented yet. I'm not sure about the rest, presumably they aren't supported/implemented atm either.
We could take a message from Kerberos and just work around the fact that the transmission medium is probably compromised and just assume it is 100% compromised. The first link talks about unfortunate boondoggles called VPNs, but IPSec and SSL VPNs are the secure options. So, just a guess, the same security might be achieved by using IPsec by itself, presumably with IPv6. Just a stab in the dark.
/Lars
-Colin