Hacker News new | past | comments | ask | show | jobs | submit login

I would have expected each wireless client, on an encrypted network, to negotiate its own key with the access point -- so you'd only see neighbors' traffic if the access point chose to rebroadcast it to you.

Are you sure that neither WEP nor WPA/WPA2 do it this way?

The encryption is between your client and the AP. Uaually everything after that is standard IP.

That's what I thought -- enough to protect against fellow wireless sharers, but not the hosting establishment or path through their ISP to a website.

No, you misunderstood. It's enough to protect you against random people sniffing wireless packets. Not other people that are on your network.

Your terminology "the network" or "your network" is still unclear; encryption to the AP could be unique per wireless network client, or not. If it is unique per client -- and it is my belief that recent standards, like WPA2 at least, provide this -- then casual passive eavesdropping by other wireless clients (as with the FireSheep tool) is thwarted. (And that's what most people are most concerned about.)

Are you suggesting that no generation of WEP or WPA protects against other authorized wireless users of the same AP, because they're "on your network"?

[rewritten completely to seek clarification]

WPA enterprise allows a separate (changing) key for each user, typically what you get from an RSA token. Once it gets to the AP, it's then clear text (assuming HTTP) over the rest of the internet until it hits your (HTTP) service provider.

If you have control over the internet between the AP and your server, then you're safe. If you don't, then how safe you are depends on how much you can trust the owner of each router along the way. In general, you should be okay, except that every now and then you might end up on an untrusted router, and it's then game over.

Sorry, did not follow this part - "Not other people that are on your network.". Care to elaborate?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact