[ale] Putting wifi in the house
James P. Kinney III
jkinney at localnetsolutions.com
Tue Jan 31 21:19:11 EST 2006
On Wed, 2006-02-01 at 01:38 +0000, hbbs at comcast.net wrote:
> Wresting the thread back on topic...
>
> Do I understand that IPsec is not for the CPU-challenged? Is a K7/700 w/128MB and no X over/underkill?
>
> Jeff
Depends on the client load (assuming thats your proposed head end). Many
commercial Firewall system with VPN have substantially weaker cpu's and
can handle 10 simultaneous VPN clients.
Since you are looking at 2-3 laptops hitting that K7 for VPN traffic,
you _should_ have no trouble.
Like ssh, IPSEC uses a PKI system to initiate a connection (very compute
intensive) then passes over a key for a 2-way cipher that can
encrypt/decrypt quickly and enforces frequent key changes. I know the
initial key exchange happens through the PKI transmission process. I'm
pretty sure the following key changes do as well. So even if someone
sniffs data and brute forces a key for a sequence of packets, they can't
get the key for the next sequence from that brute force event.
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
http://www.localnetsolutions.com
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Ale
mailing list