You're still paying money with those concerns?? Just move your money (and data) to SpiderOak and be happy: good client-side crypto can be done properly.
Then check out his latest venture
https://silentcircle.com/
You don't know what you're talking about. OpenVPN was never affected by the "renegotiation bug" as it doesn't use SSL for that component. As it runs over UDP and TCP, it had to come up with its own way of doing that - hence no problem.
That in combination with HMAC authentication makes it basically immune from that issue anyway...
Actually, can someone explain to me what the real difference is between "master mode" and AdHoc or mesh networks?
Why is it that only a few chipsets can "do" proper full-blown "master mode" (i.e. be an Access Point), and yet other chipsets can be used as AdHoc or mesh? I mean - what's the fundamental difference? I've been through this with Linux systems and can't understand why I can't just grab any WLAN card, bring up the interface and whack a DHCP server on it - why doesn't that work for them all?
Just wonderin...
J
FYI: it's "better, stronger, faster"
(dee-doop, dee-dee, dee-doop, dee-dee, DA DA DA DA DAAAAA!....)
Just a small correction: I think you meant
[I hate watching all those virtual particles dropping inert to the ground...]
Problem: it doesn't scale cost-effectively.
The problem is with multi-AP deployments. If you have multiple WLAN Access Points, then running VPN typically means you are tunneling all that user's traffic over your LAN back to the VPN concentrator - and then it needs to route their packets to where they are actually going. You end up a bit S.L.O.W...
Of course, this can be solved by installing VPN concentrators next to the WLAN APs - but that gets expensive...
EAP is supposed to sort this out. Authenticated access plus encryption keys that change every 'n' minutes.