Wireless WPA and WPA2 Keys
Alan Spicer Marine Telecom http://www.wifiyacht.net © 2005 - 2010
All Rights Reserved all IP Rights Reserved
See also: www.marinetelecom.net


[10/06/2009 update]

--------------------

"What We Gonna Do Tonight Brain?
The Same Thing We Do Every night Pinky.
Try To Take Over The World"

First of all, you will want to be using WPA2. For most users that means WPA2 Personal (also called WPA2 Pre-shared Key) on your WiFi access points or routers. If you are in an organization or enterprise, you might want to use WPA2 Enterprise, or whatever your vendor calls the mode that uses an 802.1x authentication server. You will also want to use a passphrase (the password users need to get on your network) between 8 and 63 printable ASCII characters long. To most of us that usually means letters of the alphabet. The longer your passphrase is past 8 characters, the better. And if you can avoid common names and words that can be found in a dictionary, even better. Why? WEP was cracked long ago. WPA is crackable but it takes longer. WPA2 takes even longer. An attacker who attempts to crack your wireless access point or router usually wants the job to be as easy as possible. That means using tables of pre-calculated data (built for common network SSID names) and hoping you were lazy and used names or words found in a dictionary. So don't! WPA2 replaced WPA; like WPA, WPA2 requires testing and certification by the Wi-Fi Alliance. WPA2 implements the mandatory elements of 802.11i, which is a good thing. So you should use it if at all possible. And your first 3 excuses don't count!

Shared-key WPA is vulnerable to password cracking attacks if a weak passphrase is used. To protect against a brute force attack, a truly random passphrase of 13 characters (selected from the set of 95 permitted characters) is probably sufficient. Lookup tables have been computed by the Church of WiFi (a wireless security research group) for the top 1000 SSIDs for a million different WPA/WPA2 passphrases. To further protect against intrusion the network's SSID should not match any entry in the top 1000 SSIDs.
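An added example, not part of the original article: it shows why the lookup tables are built per SSID and what 13 random characters from the 95-character set are worth. The key derivation is the standard WPA/WPA2-Personal one from IEEE 802.11i; `COMMON_SSIDS` is a small constructed sample, `HotBoat-7Q` is a made-up network name, and the `audit` heuristics are assumptions.

```python
import hashlib
import math
import secrets
import string

# The 95 permitted characters: printable ASCII, space through tilde.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "
# Constructed sample only; load the current top-1000 SSID list in real use.
COMMON_SSIDS = {"linksys", "default", "NETGEAR", "dlink"}


def derive_psk(passphrase, ssid):
    """256-bit WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as the salt,
    4096 iterations (IEEE 802.11i). The salt is why tables are per-SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy when every character is chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_passphrase(length=20):
    """Random passphrase from the full 95-character set, using the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit(ssid, passphrase):
    """Return findings for an SSID/passphrase pair (heuristics are assumptions)."""
    findings = []
    if not 8 <= len(passphrase) <= 63:
        findings.append("passphrase length outside 8-63")
    if any(c not in ALPHABET for c in passphrase):
        findings.append("passphrase has characters outside printable ASCII")
    if ssid in COMMON_SSIDS:
        findings.append("SSID on common list: precomputed tables may exist")
    if len(passphrase) < 13 or passphrase.isalpha():
        findings.append("passphrase short or letters-only: dictionary risk")
    return findings


if __name__ == "__main__":
    # Same passphrase, different SSIDs: the derived keys share nothing.
    for ssid in ("linksys", "HotBoat-7Q"):
        print(ssid, derive_psk("hotboatwireless", ssid).hex())
    print(audit("linksys", "hotboatwireless"))
```

Because the SSID is the salt, a table computed for one network name is useless against another, which is the reason to stay off the top-1000 list.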

* People are out there finding wireless networks, just for the fun of finding wireless networks. Don't believe me? Have a look at http://www.wigle.net/gps/gps/main/stats/. They also list the Top 1000 wireless network names (called SSIDs): http://www.wigle.net/gps/gps/main/ssidstats. So don't go with the default network name of your hardware, and try not to use a network name in the Top 1000. And especially try not to use one of the Top 1000 plus a passphrase that can be found in a dictionary. Why? The Church of WiFi (http://www.churchofwifi.org/) has a project, http://www.churchofwifi.org/default.asp?PageLink=Project_Display.asp?PID=90, that builds LOOKUP TABLES. These make your access point or router easier to crack if your network name is in the Top 1000 and you are not careful enough in your passphrase choice. More information can also be found at http://www.renderlab.net/projects/WPA-tables/. Part of that page reads like this:

Ass covering

The fact that we found a way to speed up WPA-PSK cracking does not mean that it is broken. Far from it. The exploit used by coWPAtty and other similar tools is one of dumb passphrases. The minimum number of characters for a WPA-PSK passphrase is 8. The maximum is 63. Very few users actually use more than about 20 characters. As well, they also choose known words and phrases, likely to be in a dictionary. This allows us to leverage a human element in obtaining the key.

To get decent protection from WPA-PSK, you should use a very long, very random, alphanumeric string longer than 20 characters. To protect yourself further, particularly against the WPA-PSK hashtables, you should use a SSID not on the top 1000 list. This will force the attacker to compute their own list, rather than use one of the CoWF tables.


The rest is mostly the original WPA article, before my 10/06/2009 update ^above^

In my article Wireless-WEP-Keys I promised "article on WPA coming later..." Well, here it is. WPA is a good idea. If the wireless hardware in your computers and your access points supports it, you should use it rather than WEP. (This article was getting rather old as well. You should now be using WPA2. I guess I'll have to promise again: article on WPA2 coming later... WPA2 Personal or WPA Personal is usually what it is called in router equipment lately [2008, 2009, ...], unless you are in a business or corporate environment, in which case you should have the IT STAFF or IT GURU set the wireless security for you. That's because they may be using an authentication server to manage their wireless network. That may be called WPA Enterprise or WPA2 Enterprise.)

WPA is more secure than WEP. WPA (WiFi Protected Access) solves problems in WEP that make it possible for knowledgeable persons to crack it. One improvement is that once you set your initial key or passphrase, the actual keys used are changed automatically very, very often: a lot more often (seconds) than you could ever dream of changing WEP keys.


You will want to change the wireless security setting in your access points to WPA-PSK (WiFi Protected Access Pre-shared Key) with TKIP (Temporal Key Integrity Protocol). You will still have to enter the same passphrase or hexadecimal key into both your access points and computers, but the length requirement is changed. This passphrase (also called a shared secret) must be entered in both the wireless access point and the WPA clients (computers). The shared secret can technically be between 8 and 63 characters and can include special characters and spaces. The WPA preshared key should be a random sequence of either keyboard characters (upper and lowercase letters, numbers, and punctuation) at least 20 characters long, or hexadecimal digits (numbers 0-9 and letters A-F) at least 24 hexadecimal digits long. The more random your WPA preshared key, the safer it is to use. These days you can also use a passphrase built from common words, like boatname+otherword (example: hotboatwireless), or another phrase that you will remember. It should be as long as you can make it and still remember it.

A portion of this was taken from: http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx. Here is the Hexadecimal information from my other article should you still need it.

Hexadecimal

Hexadecimal, as you may already know, is just another numbering system. Instead of our Base-10, hexadecimal uses Base-16, which means it has 16 possible digits (we'll call them characters, because certain digits in hex are actually letters). They are: 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, A, B, C, D, E, F.


[end of article.]


