docrice
join:2008-03-31
Fremont, CA
| Just because something is secured by a "128-bit" or "1024-bit" key doesn't necessarily mean it's secure. What type of crypto is being utilized? What kind of algorithm is being used? What is the source of entropy used in the keying sequence given the specific implementation? If multiple ciphers are available to choose from during the negotiation, how can you be sure that the strongest one was chosen? Etc., etc..
So, there's no simple answer without some known specifics.
Regarding your firewall, etc., that's another set of problems designed to counter machine-specific attacks, not necessarily traffic over the network. That's a whole 'nother subject in itself.
There are always threats and the truth is you're never going to be 100% protected in a public environment. MITM attacks, etc., will always be there. While your e-mail traffic is secure from your browser to the web server, your DNS lookups, NetBIOS name / browser / session services, etc. are leaking out your system information in clear text. It's a matter of minimizing the risk to what's practical and acceptable. Take a look at this Slashdot thread for some more insight:
»it.slashdot.org/article.pl?sid=0···/2345223 |
