SOLVED WPA/WPA2 Hype or Handcramp?

[setotitan]

I just put in a new router, and I'm having to reset all my wireless security keys. I've always used WEP with a MAC filter and thought that was pretty secure. I mean with WEP you still need a key, and the MAC filter's on so only approved equipment can even get access even if they have the key. However I saw WPA, now WPA2, and I've always been one to like my security fairly tight, however I hate the length of the damn keys. Is WPA/WPA2 really a must for good security, or with my current WEP/MAC Filter system am I just as, or better, protected? Trust me I'm the world's worst about hounding users to make long complicated passwords, so I'm wondering if this is a case of just taking my own medicine and committing to the long wireless keys, or if it's just hype. Thoughts?

 

[Cigarsmoker]

WPA2 is more secure than WEP. Realistically, for your typical home use, what you're doing is fine. There's so many wireless networks in the air these days, no one is going to spend a lot of time trying to target your specific network at random. Random users will look for any unsecure network. If you're targeted then there's probably little you can do anyways.

 

[TiZakit]

Its really up to you. I use WPA2 and have no issue with a long pass key. in fact, its only 8 chars.

also...

 

[petteyg359]

I just put in a new router, and I'm having to reset all my wireless security keys. I've always used WEP with a MAC filter and thought that was pretty secure. I mean with WEP you still need a key, and the MAC filter's on so only approved equipment can even get access even if they have the key. However I saw WPA, now WPA2, and I've always been one to like my security fairly tight, however I hate the length of the damn keys.

Use however long a key you want. Length is more important than complexity. Useasimplesentenceifyouwanttobecauseitmightbeeasiertorememberthanacomplexpasswordyetisprobablymoresecureandyoushouldseethexkcdpictureinthepreviouspost.

1. WEP is no security. It can be broken in minutes. You might as well run an open network.
2. MAC filtering is no security. Anybody with a basic packet sniffer will read all your MAC addresses right out of the air. You might as well run an open network.

 

[G33K454URU5 R3X]

Use however long a key you want. Length is more important than complexity. Useasimplesentenceifyouwanttobecauseitmightbeeasiertorememberthanacomplexpasswordyetisprobablymoresecureandyoushouldseethexkcdpictureinthepreviouspost.

1. WEP is no security. It can be broken in minutes. You might as well run an open network.
2. MAC filtering is no security. Anybody with a basic packet sniffer will read all your MAC addresses right out of the air. You might as well run an open network.

I agree with all this

 

[Cigarsmoker]

Use however long a key you want. Length is more important than complexity. Useasimplesentenceifyouwanttobecauseitmightbeeasiertorememberthanacomplexpasswordyetisprobablymoresecureandyoushouldseethexkcdpictureinthepreviouspost.

1. WEP is no security. It can be broken in minutes. You might as well run an open network.
2. MAC filtering is no security. Anybody with a basic packet sniffer will read all your MAC addresses right out of the air. You might as well run an open network.

Read OP's post, he wants to use a short key. Shorter than the 8 char min of WPA2. I disagree about WEP, while yes it's easier than WPA2 to break, it still will take some effort to break. More effort than is worth. Again the typical home owner is not a high value target, he's not the Defense Department, State Department, Bank or movie star. WEP is just enough of a deterrent to the average Joe that in all likely cases Joe will just move on to the unsecure wifi kicking around.

 

[Realee]

Anyone with any wireless knowledge wanting free internet from their neighbours will put in enough effort to get a WEP key.

WPA2 with the password 'aaaaaaaa' is more secure than WEP with MAC filtering.

 

[hafa]

I disagree about WEP, while yes it's easier than WPA2 to break, it still will take some effort to break.

Funny, I never considered running a packet sniffer for 30 seconds a great deal of effort. I sure hope you don't have any pedophiles living near you...

If the OP cannot remember an 8-character password, he should download a free password bank to do it for him.

 

[Cigarsmoker]

I sure hope you don't have any pedophiles living near you...

WTF does this have to do with anything. Actually since you ask. ALL the neighbours within WIFI range around my house are good people. That and I use WPA2, not out of paranoia but I just hate not using a feature that I paid for. Before that I used WEP for 5 years and I do check my wireless activities fairly often. During the period that I was using WEP and WPA2, never had any suspecious activity.

Don't get me wrong I highly suggest using WPA2 but if you don't it's not the end of the world. And IMO it's still better than an unsecure network.

 

[hafa]

WTF does this have to do with anything.

Simple. If anyone carries out any illegal activity on your network (even if it's only during the time you're not actively monitoring it, i.e., sleeping), you'll have to answer for it. Even should you win in court, getting dragged through and paying the expenses for a trial which was easily avoidable by using effective available wireless security is not a desirable thing. Also, keep in mind that "good" people, i.e., policemen, judges, teachers, etc.. are often among those arrested when rings are busted.

 

[turbohans]

Simple. If anyone carries out any illegal activity on your network (even if it's only during the time you're not actively monitoring it, i.e., sleeping), you'll have to answer for it. Even should you win in court, getting dragged through and paying the expenses for a trial which was easily avoidable by using effective available wireless security is not a desirable thing. Also, keep in mind that "good" people, i.e., policemen, judges, teachers, etc.. are often among those arrested when rings are busted.

With everything getting cracked down on this is no joke either

 

[TollhouseFrank]

With GPU's being used to crack even WPA/WPA2 passwords in mere seconds nowadays, all a WEP/WPA key is good for is keeping the honest thieves out.

Similar to a lock on the door to your house. It will keep out an "honest" thief, but not one that really wants in.

**edit**

it is still good practice though. Aside from legal/reputation issues from someone doing bad things on your wifi connection, it also is less fun to leave it open and suddenly find out that 90% of your bandwidth is gone because someone is using your totally open connection to stream hulu or something similar.

 

[setotitan]

Use however long a key you want. Length is more important than complexity. Useasimplesentenceifyouwanttobecauseitmightbeeasiertorememberthanacomplexpasswordyetisprobablymoresecureandyoushouldseethexkcdpictureinthepreviouspost.

1. WEP is no security. It can be broken in minutes. You might as well run an open network.
2. MAC filtering is no security. Anybody with a basic packet sniffer will read all your MAC addresses right out of the air. You might as well run an open network.

So maybe I'm missing something here, WPA2 keys can be be any length you want? I'm running Tomato firmware and when I switch to WPA2 mode it generates a key 64 characters long! I just presumed that was the length of WPA2 keys. If it is indeed that flexible I think I will try using one of those "sentence" passwords petty suggested. Also it appears as if I was lulling myself into a false sense of security with my Mac filter. Are there any other steps, aside from a strong key that will keep a would be assailant out of my network?

 

[Automata]

It can be up to 64 characters long.

Hiding your SSID and MAC filtering are absolutely useless, do not do either. Use a strong password and others will go for another network. You can't make it impenetrable, you simply want to make it less appealing or infeasible (i.e. harder to break into) compared to other networks surrounding yours.

 

[setotitan]

Last question, for my key's encryption it's offering AES, TKIP, or an AES/TKIP combination. What's my best choice here, and if you have time, why is it my best choice?

 

[petteyg359]

AES is best, but some old (really old, as in Palm/Axim handhelds) don't support it.

 

[G33K454URU5 R3X]

AES 256

 

[madhatter256]

AES 256.


I think TKIP is weaker compared to AES and is only used for compatability of old wifi devices.

 

[setotitan]

Okay, so I made a 64 digit key, and it keeps spitting it out saying "must be 8 characters or 64 hexadecimal digits" I know the PW I picked is 64 digits so what's the problem? If I pick an 8 digit key it translates that to a 64 digit hex number, is that what's going on?

 

[petteyg359]

Okay, so I made a 64 digit key, and it keeps spitting it out saying "must be 8 characters or 64 hexadecimal digits" I know the PW I picked is 64 digits so what's the problem? If I pick an 8 digit key it translates that to a 64 digit hex number, is that what's going on?

Where are you typing this? You should only need to enter a passphrase, which can be any length, and it will use various hashes of the passphrase as the actual encryption key. You don't "make a 64-digit key". You just type in a phrase, e.g. "DoNotStealMyNetwork", and the driver does the rest.