puffgussy36
join:2007-01-15
Hampton, NH
| reply to Ravenheart
Re: Router Homepage says WPA2 but Net Stumbler says WEP
I went into a Net Stumbler forum. Apparently the program identifies all forms of encryption as WEP. Both the Linksys settings page and the site survey function of my Trendnet adapter identify the encryption as WPA2.
I have another question regarding security. I've seen a number of Google search results for "cracking" WPA. This prompted me to find a way to further beef up the security on my connection. I initiated the MAC filtering allowing only PCs in my permit list to access the connection.
Is there anything more I can do? |
|
koolman2
Premium
join:2002-10-01
Anchorage, AK
 ·GCI.net
 ·Clearwire Wireless
edit:
March 25th, @09:05AM
| Ignore anything except WPA. Anything else is like putting Saran Wrap over your deadbolt. Basically, if someone can crack your WPA, you have worse things to worry about. MAC filtering and a "hidden" SSID are trivial compared to cracking WPA (which, by the way, when applied with a random string of characters, has yet to be cracked), and only make it more difficult to use your own network.
My suggestion: if all of your devices support it, use WPA with AES and a 256-bit key (or WPA2+AES256 if supported). AES has no known way to crack it unless you're a moron and make the key obvious.
Cue the "every bit helps" crowd...
--
There's no place like ::1. |
|
puffgussy36
join:2007-01-15
Hampton, NH | I currently have it configured to WPA2 Personal TPIK and my pass phrase is 15 random alpha numeric characters. Should I still change it to AES? |
|
koolman2
Premium
join:2002-10-01
Anchorage, AK
·GCI.net
·Clearwire Wireless
| If all of your devices support it, then yes, I would switch it. Keep in mind, though, that TKIP is also a VERY strong encryption method.
I would think about making that key a bit longer as well. Keep it on a USB drive or something as a .txt file so that you don't have to remember it. Make it something like "sdifyw8ohuA^A734yhbqk37a*#&#$4=adsf=fsdf". Just mash your face onto your keyboard and you should have a good key.
--
There's no place like ::1. |
|
puffgussy36
join:2007-01-15
Hampton, NH | That's hilarious. 
The Cray couldn't crack that key. I already used the .txt file idea too.
Thanks for the tip. |
|
duhriddler
join:2007-08-26
Riegelsville, PA
| The best solution would be to use WPA2 with AES and a passphrase consisting of 63 random printable ASCII characters. This website will do the trick: »https://www.grc.com/passwords.htm |
|
puffgussy36
join:2007-01-15
Hampton, NH | Ah good ol' Gibson Research. |
|
justanotherguy
@dslextreme.com
| As noted above, the best use of WPA or WPA2 is via strong passphrases, at least when using pre-shared key. The better system would be to use an EAP-based system (a la RADIUS server) but that requires an AP that supports it, plus you need to set up a RADIUS server as well as client identity credentials (certificate, password, etc.). It's a lot more moving parts to manage, but it's the best way to keep rotating your Pairwise Master Key between authenticated sessions. Aside from LEAP (and perhaps MD5), I'm not aware of any tools that attack 802.1X.
But for small-scale use, WPA / WPA2 is the practical way to go, plus using an SSID that can be considered unique (something that probably won't exist in a rainbow table). Defeating WPA-PSK security is still based on dictionary attacks. |
|
