NetStumbler.org Forums - View Single Post - Security on the client side while using hotspots

odoyle81 · 06-12-2005

VPN or SSL...

I understand that VPN is the best solution, but I don't want to run another computer at my house just for VPN when I'm on the road if SSL is good enough. (especially since VPN would really slow everything down).

My question is basically about whether cookies send usernames and passwords encrpyted or as hash values and does this pose a signifigant security risk if used in an open wireless environment without VPN. From what I understand, SSL is good enough without VPN (that is, even if someone captured the SSL packets, they'd have a hell of a time doing anything with it).

Does the same hold true for these sites that automatically log you in using cookies (for example gmail, amazon, del.icio.us)? Or is using cookies to be avoided at all costs on the road?

06-12-2005	#20 (permalink)
odoyle81 Registered Member Join Date: Jun 2005 Posts: 5	VPN or SSL... I understand that VPN is the best solution, but I don't want to run another computer at my house just for VPN when I'm on the road if SSL is good enough. (especially since VPN would really slow everything down). My question is basically about whether cookies send usernames and passwords encrpyted or as hash values and does this pose a signifigant security risk if used in an open wireless environment without VPN. From what I understand, SSL is good enough without VPN (that is, even if someone captured the SSL packets, they'd have a hell of a time doing anything with it). Does the same hold true for these sites that automatically log you in using cookies (for example gmail, amazon, del.icio.us)? Or is using cookies to be avoided at all costs on the road?