Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Secure your internet connection at Starbucks' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Secure your internet connection at Starbucks
Authored by: gork on Aug 30, '07 11:05:03AM

It is important to understand exactly what is going on here and why this actually works.

802.1x does not encrypt your traffic. It is a secure (in the case of TTLS anyway) protocol that authenticates you to the network. In the case of 802.11 networks in addition to authenticating your access to the network they will also negotiate a pairwise master key (PMK) which in a properly configured network will be unique between the access point and your computer. This key is then used to encrypt the traffic with WPA. This key in conjunction with WPA is what protects your traffic from being observed by other wireless users -- either unauthenticated users with no keys or authenticated users with different PMK's. It is worth noting that your traffic could be intercepted and later decrypted if the PMK you are using can be discovered or brute-forced.

Once your traffic hits the wired network though, it's in the clear. I highly doubt that T-Mobile is going through the truble of maintaining 802.1x authentication on all of its wired infrasturcture much less running transport mode IPSec on it. Obviously you still need to take the precautions of using SSL/SSH and avoiding insecure protocols but secure authenticated access to wireless networks is still critical in the scheme of things.



[ Reply to This | # ]