Re: CRIME NIPC Watch Daily Report 21 February 2002

From: Crispin Cowan (crispin@private)
Date: Thu Feb 21 2002 - 10:11:31 PST

Next message: Seth Arnold: "Re: CRIME NIPC Watch Daily Report 21 February 2002"

Previous message: Geo: "RE: CRIME NIPC Watch Daily Report 21 February 2002"
In reply to: Geo: "CRIME NIPC Watch Daily Report 21 February 2002"
Next in thread: Seth Arnold: "Re: CRIME NIPC Watch Daily Report 21 February 2002"
Reply: Seth Arnold: "Re: CRIME NIPC Watch Daily Report 21 February 2002"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Geo wrote:

>Note squib on City of Glendale going to wireless LAN. I'm not sure that 3DES
>encryption is all that secure--though it may be for Glendale...
>
3DES is pleanty secure for most any application requiring symmetric 
cryptography. It is old, which makes it more secure and less efficient 
than contemporary ciphers like AES and Blowfish. It is single DES that 
is vulnerable because the key length is too short.

What makes the security of the Glendale application sketchy is that 3DES 
(and single DES, and AES) are not very useful for authentication, and 
the one-paragraph article does not discuss authentication. This is a 
concern, because it is authentication problems that broke 802.11b and 
802.11a.

Crispin

>-----Original Message-----
>From: NIPC Watch
>To: Daily Distribution
>Sent: 2/21/02 6:13 AM
>Subject: NIPC Watch Daily Report 21 February 2002
>
>NIPC Daily Report 21 February 2002
>...
>California city plans wireless LAN for critical communications.
>Glendale, CA has decided to use wireless LAN technology to provide
>high-speed data service to its police, fire, and public works
>departments after determining that cellular mobile data services cost
>too much and deliver too little. The city's assistant director of
>information services said cellular bandwidth available to Glendale did
>not support applications required to run emergency services.
>(Computerworld.com, 18 Feb)
>
>NIPC Watch and Warning Unit comment: Wireless security protocols have
>either been an add-on or of secondary importance previous to this. The
>use of 3DES encryption in this case has brought real security to the
>wireless networking and is a good first step towards acceptance of broad
>use wireless networking within the government and the critical
>infrastructure agencies.
>
-- 
Crispin Cowan, Ph.D.
Chief Scientist, WireX Communications, Inc. http://wirex.com
Security Hardened Linux Distribution:       http://immunix.org
Available for purchase: http://wirex.com/Products/Immunix/purchase.html

        The Olympic Games: A Century of Corruption and Graft
	     The FIS: Crushing the soul of snowboarding

Next message: Seth Arnold: "Re: CRIME NIPC Watch Daily Report 21 February 2002"
Previous message: Geo: "RE: CRIME NIPC Watch Daily Report 21 February 2002"
In reply to: Geo: "CRIME NIPC Watch Daily Report 21 February 2002"
Next in thread: Seth Arnold: "Re: CRIME NIPC Watch Daily Report 21 February 2002"
Reply: Seth Arnold: "Re: CRIME NIPC Watch Daily Report 21 February 2002"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:39:04 PDT