>>If the link is not encrypted, then yes, it is easy to grab a login/pass >>combo. If the link is encrypted with WEP, first use AirSnort to get the WEP >>key, then it's easy to grab a login/pass combo. If you want true security >>at today's technology, use an SSH tunnel or other VPN over your WiFi network. AFAIK / can tell, I can see the username from ethereal capture, but as I mentioned, the password is hashed or something. So.. basically it's good, however, the void here is whether it's hashed Before it's sent out (meaning,client side) or is it hashed after sent out (server-side). Wireless transmission means that more pringle cans can intercept the signal. So.. basically, the login name will be visible, and the password will be hashed. How easy would it be to decode the hash? What sort of algo does it use to hash it? What stipulates whether it uses MD5/blowfish etc..etc.. (frankly I have no idea, just throwing out some algo I know/heard about) Can anyone decode the hash? How would they go about it? SSH tunnel is okay for implementation for my home, but for a public eg:T-Mobile hotspot, how would one go about it? Don't check pop mail there?? >>Thanks for trimming; much easier this time to write back and much easier to Actually, I thought that cutting and pasting whatever I was replying to was adequate. So.. I guess it's not.. :) Cheers, .^. Mun Heng, Ow /V\ H/M Engineering /( )\ Western Digital M'sia ^^-^^ DID : 03-7870 5168 The Linux Advocate -- Shrike-list mailing list Shrike-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/shrike-list
