Apple's Airport Upgraded To 128-bit Encryption
ElecMoHwk writes: "Another fine upgrade from Mad Science Research Labs ... Apple's wireless Airport base station for 802.11 ethernet can be upgraded to 128-bit RC4 encryption. It's an easy fix, but priceless for the paranoid." This is really cool news. I never knew it was just a wireless card in a pretty box. Either way, it's still a cool way to do it. Where would I be without hardware hackers? Thanks, people! I look forward to more of Mad Science Research Labs' stuff in the future.
Well, I assume it uses rolling codes, so unless you intercept the data, save it and decrypt it later on using your supercomputer, cluster or pet distributed client etc., the data will change too quickly for you to crack it (using current technology).
Encryption works as long as the data expires before the mean time to decrypt - i.e. if your data is sensitive for 10 years, make sure you use a key that'll take a minimum of >10 years to crack.
Troc
Troc's dubious podcast and blog: http://www.trocnet.net
Cupertino, 5/4/00.
Apple today announced that despite the recent 'upgrade' by certain airlines, their Airport would still operate on the official 40bit system. Any systems attempting to land at the Airport with a 128bit airplane would be refused permission, even if they are painted a really cool pale blue colour.
"We are considering taking them to court over this one - after all, these new airlines look and feel just like our own so who is going to know which is the real one?" Steve Jobs was quoted as saying.
In other news, Apple have denied rumours that the recent upgrade to MacOS 9.0.4 is to avoid hassles with the OS-9 trademark issue.
We also telephoned Steve Jobs to enquire about the recent Microsoft ruling but all we heard was insane giggling.
Yes, you can do this. The mode called 'ad-hoc' mode is available on Lucent cards (it's not an 802.11-compliant mode) and allows many machines to talk to each other directly, without the need for an access point/base station. I have personally tested it with up to 6 cards and it works like a charm. The setting is available simply as a little option in the driver (or checkbox in Windows). I don't think any other brands support 'ad-hoc networking.'
it uses SNMP though so other software should be usable. The author mentions that the Karlbridge software for Windows does everything right.
Not quite. The Karlbridge firmware is what Apple installed in the AirPort Base Stations. However, the Windows KarlBridge configurator cannot completely provision an AirPort Base Station. You cannot set up NAT or DHCP with it, and you cannot control the encryption modes.
The reason for this is: Apple (and the folks who made the KarlBridge) did some nasty stuff with the configuration. Yes, the base station responds to SNMP. However, the MIB tree via which the BS is configured is a set of 64 256-byte strings with checksumming. To make matters worse, people are having to reverse-engineer how Apple mapped out those strings, and how the checksumming's being done.
I have been working on this for a while, as has a friend of mine (who I believe was linked to on the MSRL page against his wishes. That info is old and invalid -- people should not use it). There is working code that allows one to change most of the configuration options, but not NAT or DHCP, nor encryption. The reason for the problems with encryption is that Apple didn't follow the WEP standards, and has some unique algorithm for generating the WEP keys. They supposedly corrected this in v1.1 of the Base Station firmware, but I've yet to verify that.
I recently installed the Aviator 2.4 GHz card from WebGear. It's quite a bit slower (2 Mb/s signal rate, 1.5Mb/s) but has longer range (500 vs 100 ft) than WaveLAN. In any case it's cheaper than WaveLAN and very adequate for most purposes, especially Internet sharing.
;-)
The Aviator card is available in three different versions:
WebGear Aviator2.4
WebGear AviatorPRO
Raytheon Raylink
These are all the same card, but come with different drivers. I am using the Raytheon driver on my Windows laptop with the Aviator2.4 card. The Aviator 2.4 driver only supports peer to peer mode; the AviatorPRO and Raylink can talk to a wireless access point (basically an Ethernet to 802.11 bridge). Supposedly the AviatorPro will do WEP, but since the Raylink driver doesn't support this yet, I doubt the AviatorPro does yet. The Linux driver does not support WEP IIRC. When it does, and the Windows version of the Raytheon driver does, then you can have WEP too (the latest Linux WaveLAN driver DOES have WEP).
However, lack of driver level support is no big deal. First of all, it ain't easy to intercept spread spectrum communications unless you can guess the ESSID the stations are using, and even then it's not something for casual snoopers. Second, I personally use OpenSSH instead of telnet and you can forward your X using OpenSSH and get your choice of blowfish or triple DES. For Windows boxes most of my sensitive web traffic goes over https if it isn't using SSH to a Unix box. If I were trying to hide my SMB traffic from the NSA, then I'd be out of luck without WEP, though.
I set the cheap Aviator cards up with a Linux box with IPChains and a new subnet and bingo -- I have a perfectly functional network that is highly secure when I need it to be. I got a pair of aviators with a ISA PC Cards for 169.95; this is the cheapest way to get a pair of them. Don't get your Linux drivers from WebGEAR, however. The driver is included in the latest pcmcia packages. I initially had a big headache getting this thing working with RH 6.1, but when I decided to upgrade to pcmcia-cs-3.0.14-22 the card configured itself cleanly and worked like a charm.
I suppose you could also set up your
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
I'm using Lucent's Silver WaveLAN card with Apple's AirPort base on my FreeBSD laptop (IBM ThinkPad 600E). I don't know about the 3Com or Cisco cards, but the Silver WaveLAN was ~$150 from all the places I priced it. For $299 ($281 if you're at an .edu) and $150 for the card, it's a pretty good deal.
OK, so I want some wireless ethernet, but I don't have an Apple... the 3Com and Cisco wireless cards look pretty good, and not completely unreasonable at $250 each (see this article), but the "wireless hubs" cost over $1000 each!!! Does anyone know for sure if one of those swank Apple $300 Base Stations will work with a Cisco or 3Com wireless card?
The things really do work awfully well. Very handy when setting up new headless machines for me to telnet into the console server from a laptop over the wireless net and then be able to carry around the console terminal if I need to go back to fiddle with the hardware... without losing my console session and having to continually connect back in.
One thing the author didn't quite explain is that there are more reasons than the lack of an integrated antenna that the AirPort cards will not work in machines other than late model Apple machines. The bus is weird. The AirPort card actually sits on an ATA bus!
One final interesting AirPort hint is that if you have an older Mac and want to use the Lucent card with it under MacOS, you can use the AirPort 1.1 software with it instead of the drivers Lucent provides, which seem to be shoddy in our experience here (they really mess up the system on MacOS 9 since it somehow manages to install the 68k version of the driver by mistake).