I had heard recently that WPA has now been broken as well as WEP now. So that leaves WPA2 (which may or may not be broken), AES, and the various VPN types (IPSEC, PPTP). What I'm wondering is, what is still secure? Is PPTP secure? What is so broken about WEP vs say, IPSEC?
There's no real "sticky note" about it, and all this has got me wondering whether a PPTP VPN is secure at all anymore, or should I be using IPSEC and certificates for clients demanding security?
What about some kind of key changing based on scripts - using a generating algorithm, or storing a file of a thousand different keys on each end that are rotated hourly? Or using a key changing algorithm? Sending a new replacement key at a random interval across the link from the other end via IPSEC and utilize a non-transmitted secondary rotating key for the IPSEC itself? That might thwart a live hacker but not necessarily one who logs the traffic first, and then breaks it one layer at a time... If the data is sensitive enough (and not time dependent), and the hacker is determined, one could crack the first layer (WEP), and then the second layer (IPSEC) to find the next key, and then it's over.
I know there's virtually no way to stop the determined data-stealing hacker without time constraints, but changing the key every 15 seconds isn't practical performance wise either - but if it took 3+ hours to break 15 seconds worth of data, it wouldn't be time practical for most hackers to keep trying - the first 24 hours spent to get less than 5 minutes worth of potentially useless data would make it fairly pointless, other than just a thrill. It would stop the hacker who wants to gain access, however, because they would never have more than 15 seconds of usable access. But how practical is that?