How To: Wireless Security - Page 8 - Overclock.net

Caedis · 05-15-09

If you want to be exact I think it should say the following.

UPDATE: Recently WPA protected networks utilizing TKIP have been temporarily weakened. Additionally the flaw only allows a few bytes of data to be injected at this time,which could be potentially harmful. Still it is the most secure as the exploits used are rendered useless with AES. QoS (Quality of service) must be disabled as well if you have enabled it on your router. (If you don't know what that is, you probably don't have it enabled)

Feel free to copy that if you like. You dont even have to quote me.

**stanrc** · 05-15-09

I think there might be some confusion because there are different attacks on WPA (and WEP) encryption. The most recent attacks aren't a full break, like it was said it only lets you see a little bit of information. It doesn't give you full access to the network. The earlier attacks were brute force/dictionary attacks. That means if you use a simple word like "dog" as your password then it will be cracked pretty quickly. As long as you use a complex word with more than 8 or so characters then you will be fine.

Caedis · 05-15-09

Quote:

Originally Posted by stanrc

I think there might be some confusion because there are different attacks on WPA (and WEP) encryption. The most recent attacks aren't a full break, like it was said it only lets you see a little bit of information. It doesn't give you full access to the network. The earlier attacks were brute force/dictionary attacks. That means if you use a simple word like "dog" as your password then it will be cracked pretty quickly. As long as you use a complex word with more than 8 or so characters then you will be fine.

Yeah, that is true, he doesn't cite exactly which part of WPA is in question. Of course any password can be brute forced. I assumed he was referring to the TKIP injection crack.

**stanrc** · 05-15-09

I after reading both of your responses it seemed like you guys might not both be on the same page.

Icekilla · 08-10-09

I have a question: my current modem/router (a 2WIRE 2701HG-T) doesn't seems to have WPA2 support, or if it does, I think it's blocked. Anyway, if I use WPA-P5K with TKIP and a 15 characters password (with a lot of weird characters) will it work safe enough?

Caedis · 08-10-09

Quote:

Originally Posted by Icekilla

I have a question: my current modem/router (a 2WIRE 2701HG-T) doesn't seems to have WPA2 support, or if it does, I think it's blocked. Anyway, if I use WPA-P5K with TKIP and a 15 characters password (with a lot of weird characters) will it work safe enough?

"safe enough" is a very subjective term. TKIP has known vulnerabilities that can, and will, be used in the future to cause harm to networks. it's best practice to abandon the dam once it's spring a leak, because no one really knows when that leak will become a deluge.

If possible, scour your routers settings to change from TKIP to AES. Most modern routers offer this under an advanced menu of the wireless settings.

If this is unavailable, try to find the "key renewal interval" some routers call this the "key beacon interval" change this value to something below 5 minutes. (if your router expresses this value is seconds, enter 300 seconds.) This is a *stop gap* and is not a permanent solution. I would recommend Upgrading to router with AES and or WPA2.

If you have neither of these options... well. Let me know.

Icekilla · 08-10-09

Well, it doesn't

The good thing is that most of the wireless networks around have WEP, and that there's not tech savvy people living nearby lol

Anyway, it's always good to have some "extra protection". I'm looking forward to upgrade the firmware of the modem or something. Unfortunately the ISP doesn't offer a firmware upgrade.

EDIT: It seems like if I use firefox in english, I can see the option to use WPA2 (on inSSIDer it says RNSA-CCMP when detecting my network if it's on WPA2) so I set it on WPA2, it seems to be working properly in WPA2, so I think it's a win

**IEATFISH** · 08-10-09

Quote:

Originally Posted by Icekilla

Well, it doesn't

The good thing is that most of the wireless networks around have WEP, and that there's not tech savvy people living nearby lol

Anyway, it's always good to have some "extra protection". I'm looking forward to upgrade the firmware of the modem or something. Unfortunately the ISP doesn't offer a firmware upgrade.

EDIT: It seems like if I use firefox in english, I can see the option to use WPA2 (on inSSIDer it says RNSA-CCMP when detecting my network if it's on WPA2) so I set it on WPA2, it seems to be working properly in WPA2, so I think it's a win

I was going to mention to try a firmware update on your router. Some will do it automatically and some are a pain. But looks like you tried that.

Icekilla · 08-10-09

so, virtually, my wireless network is now safe with AES encryption right?

**IEATFISH** · 08-10-09

Quote:

Originally Posted by Icekilla

so, virtually, my wireless network is now safe with AES encryption right?

As good as you're probably going to get without taking some extreme measures. Caedis, correct me if I'm wrong, but that seems to be the safest you can get right now for what you are doing.

		Overclock.net - Overclocking.net > Software, Programming and Coding > Networking & Security
How To: Wireless Security

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)