Perplexed by wpa

I've recently joined the 21st century by getting DSL. The DSL
modem/gateway/router is an Actiontec GT-701WG. I picked up a Linksys
WPC54G PCMCIA card to connect my laptop to the DSL.

The laptop is a ThinkPad running Win2K, and I'm using the Linksys
drivers. The PC and the DSL connect just fine, generally, and I took
the further step of engaging WPA to keep my configuration a bit more
secure, hopefully.

I do have a few questions about WPA that I hope you folks can answer
for me.

First, I set the network up with WPA-PSK. When I initially connect,
the Linksys network monitor shows security as WPA and authentication
as WPA, however after some period of time, the monitor shows security
as WPA and authentication as "Open." Does this mean my connection is
no longer encrypted? Or is the WPA still working and I'm
misinterpreting the "authentication" field?

Also, I know WPA is supposed to be vastly more secure than the old
WEP, but how paranoid should I be about surfing with the laptop? Has
WPA been shown to be crackable in ordinary use? When you surf with
WPA, do you refrain from using online banking, etc.?

Thanks for your help.

Cheers,
Will
--

"I know you believe you understand what you think I said,
but I am not sure you realize that what you heard is not
what I meant." - Alan Greenspan in Congressional Testimony.

Your encryption is still working. Open and Share are the two types of
authentication methods. I would suggest that you use a long
passphrase or encryption key that mixes letters, number and symbols.
As for banking, I recommend that you use a wired connection. WPA is
secure, but anything that travel via air can be sniffed and to someone
with time and determination, your info can be cracked. There's no
need to be paranoid, but it makes good sense to be practical about
your surfing habits. Take care.

On Sun, 01 Aug 2004 15:42:25 -0600, Dwayer <(E-Mail Removed)> wrote:

>I've recently joined the 21st century by getting DSL. The DSL
>modem/gateway/router is an Actiontec GT-701WG. I picked up a Linksys
>WPC54G PCMCIA card to connect my laptop to the DSL.
>
>The laptop is a ThinkPad running Win2K, and I'm using the Linksys
>drivers. The PC and the DSL connect just fine, generally, and I took
>the further step of engaging WPA to keep my configuration a bit more
>secure, hopefully.
>
>I do have a few questions about WPA that I hope you folks can answer
>for me.
>
>First, I set the network up with WPA-PSK. When I initially connect,
>the Linksys network monitor shows security as WPA and authentication
>as WPA, however after some period of time, the monitor shows security
>as WPA and authentication as "Open." Does this mean my connection is
>no longer encrypted? Or is the WPA still working and I'm
>misinterpreting the "authentication" field?
>
>Also, I know WPA is supposed to be vastly more secure than the old
>WEP, but how paranoid should I be about surfing with the laptop? Has
>WPA been shown to be crackable in ordinary use? When you surf with
>WPA, do you refrain from using online banking, etc.?
>
>Thanks for your help.
>
>Cheers,
>Will

Taking a moment's reflection, Dwayer mused:
|
| First, I set the network up with WPA-PSK. When I initially connect,
| the Linksys network monitor shows security as WPA and authentication
| as WPA, however after some period of time, the monitor shows security
| as WPA and authentication as "Open." Does this mean my connection is
| no longer encrypted? Or is the WPA still working and I'm
| misinterpreting the "authentication" field?

The authentication type refers to how the access point/router confirms
you have the correct WPA key. An Open setting is considered more secure
than Shared. It makes sense that the software would display as you report,
since it would not know the authentication type until it tried to do so.

| Also, I know WPA is supposed to be vastly more secure than the old
| WEP, but how paranoid should I be about surfing with the laptop? Has
| WPA been shown to be crackable in ordinary use? When you surf with
| WPA, do you refrain from using online banking, etc.?

All due caution should be observed. However, WPA is not vulnerable to
packet collection like WEP is. Though, in PSK mode, WPA is vulnerable to
brute force dictionary attacks (as is WEP), so make your keys long and
complex. As for online banking over wireless. I am sure you are exposing
yourself somewhat, but consider this: Online banking sessions are encrypted
from your computer to the bank, add to that the WPA encryption from your
computer to the AP, and your transmission is fairly secure. It would take a
highly motivated (not to mention very luck) individual to get anything
useful.

If you connect to local area public hot spots, you might want to make
sure you have a software firewall (Kerio, Zonealarm, Sygate, and the like)
running. Some hot spots are configured to where all those who associate are
treated as being on the same LAN ... therefore, without a firewall, others
may have access to your computer.

The router should not turn off WPA; so, if you are still able to access the
internet through the wireless card, WPA should be active.

WPA is only as good as the passphrase. So far, nobody has been able to
crack WPA -- except when short passphrases were used (and then only by brute
force guessing). Thus, use a long complex passphrase.

However, getting into your LAN by figuring out your passphrase and stealing
your credit card information are two separate issues. WPA encrypts data
between your wireless card and the router. That's it. Anything beyond the
router gets sent over the internet and you have no idea what route it takes.
Thus, WPA will not make your on-line banking any more or less secure.

When doing on-line banking, it is most important to ensure that the session
between you and the server is securely encrypted. In Internet Explorer, you
should see a yellow padlock in the lower right corner (and "SSL Secured (128
Bit)" should appear if you place your mouse over it). If it's not there, do
not enter anything on that web page that you do not want the world to know
about. The next step is to look at the address bar in internet explorer to
make sure that it corresponds to the site you want to reach (e.g. ebay.com
and not something like ebay.asdfgh.com). If it does and you see the
padlock, so far so good. Internet Explorer should complain if the site's
certificate does not match the name of the site you have reached. If you
are still unsure, you can double-click on the padlock to see the
certification path (i.e. who gave the site you are trying to reach its
certificate). In many cases, you have to prove who you are and that you can
operate a server securely before someone will issue you a certificate...
However, the installation of certificate "signed" software that may appear
when reaching certain web sites is a different matter (quite a lot of adware
is "signed"). In addition, even sites that use encryption may be hacked
(e.g. your bank) and their information about you may become available to
others.

Finally, here's how SSL works in a nutshell...
1) You connect to the site and it sends you its certificate.
2) Based on certificates found on your computer, the validity of the
certificate is established and checked to make sure that it corresponds to
the site you have reached. The certificate may also be checked for
revocation.
3) The site's certificate contains a public key that your computer uses to
encrypt a randomly generated key.
4) You send this encrypted randomly generated key to the site and it uses
its private key to decrypt it.
5) You and the site then use this randomly generated key to exchange data.
All of this happens before you enter anything at the site.

-Yves

"Dwayer" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I've recently joined the 21st century by getting DSL. The DSL
> modem/gateway/router is an Actiontec GT-701WG. I picked up a Linksys
> WPC54G PCMCIA card to connect my laptop to the DSL.
>
> The laptop is a ThinkPad running Win2K, and I'm using the Linksys
> drivers. The PC and the DSL connect just fine, generally, and I took
> the further step of engaging WPA to keep my configuration a bit more
> secure, hopefully.
>
> I do have a few questions about WPA that I hope you folks can answer
> for me.
>
> First, I set the network up with WPA-PSK. When I initially connect,
> the Linksys network monitor shows security as WPA and authentication
> as WPA, however after some period of time, the monitor shows security
> as WPA and authentication as "Open." Does this mean my connection is
> no longer encrypted? Or is the WPA still working and I'm
> misinterpreting the "authentication" field?
>
> Also, I know WPA is supposed to be vastly more secure than the old
> WEP, but how paranoid should I be about surfing with the laptop? Has
> WPA been shown to be crackable in ordinary use? When you surf with
> WPA, do you refrain from using online banking, etc.?
>
> Thanks for your help.
>
> Cheers,
> Will
> --
>
> "I know you believe you understand what you think I said,
> but I am not sure you realize that what you heard is not
> what I meant." - Alan Greenspan in Congressional Testimony.

In message <cek7fa$8sp$(E-Mail Removed)>, "Yves Konigshofer"
<(E-Mail Removed)> wrote:

>Finally, here's how SSL works in a nutshell...
>1) You connect to the site and it sends you its certificate.
>2) Based on certificates found on your computer, the validity of the
>certificate is established and checked to make sure that it corresponds to
>the site you have reached. The certificate may also be checked for
>revocation.
>3) The site's certificate contains a public key that your computer uses to
>encrypt a randomly generated key.
>4) You send this encrypted randomly generated key to the site and it uses
>its private key to decrypt it.
>5) You and the site then use this randomly generated key to exchange data.
>All of this happens before you enter anything at the site.
>
>-Yves

Thank you for the primer. My understanding of cryptography is so
scant you could write it on the inside of a matchbox with a grease
pencil.

Cheers,
Will
--
****
"If people don't know what you're doing,
They don't know what you're doing wrong."
--Sir Arnold Robinson, _Yes, Minister_

In message <(E-Mail Removed)>, Doug Jamal
<(E-Mail Removed)> wrote:

>Your encryption is still working. Open and Share are the two types of
>authentication methods. I would suggest that you use a long
>passphrase or encryption key that mixes letters, number and symbols.
>As for banking, I recommend that you use a wired connection. WPA is
>secure, but anything that travel via air can be sniffed and to someone
>with time and determination, your info can be cracked. There's no
>need to be paranoid, but it makes good sense to be practical about
>your surfing habits. Take care.

Thank you for the response. I'm glad to know that the WPA is still
working.

On the subject of the passphrase, is there a length limit or a
recommended length? The documentation for both the DSL modem and wifi
card is unclear on this. My current phrase is 15 characters
alpha-numeric, which is probably not long enough I suspect.

Cheers,
Will
--
****
"If people don't know what you're doing,
They don't know what you're doing wrong."
--Sir Arnold Robinson, _Yes, Minister_

In message <H9hPc.230437$Oq2.27644@attbi_s52>, "mhicaoidh"
<®êmõvé_mhic_aoidh@hotÑîXmailŠPäM.com> wrote:

> All due caution should be observed. However, WPA is not vulnerable to
>packet collection like WEP is. Though, in PSK mode, WPA is vulnerable to
>brute force dictionary attacks (as is WEP), so make your keys long and
>complex. As for online banking over wireless. I am sure you are exposing
>yourself somewhat, but consider this: Online banking sessions are encrypted
>from your computer to the bank, add to that the WPA encryption from your
>computer to the AP, and your transmission is fairly secure. It would take a
>highly motivated (not to mention very luck) individual to get anything
>useful.
>
> If you connect to local area public hot spots, you might want to make
>sure you have a software firewall (Kerio, Zonealarm, Sygate, and the like)
>running. Some hot spots are configured to where all those who associate are
>treated as being on the same LAN ... therefore, without a firewall, others
>may have access to your computer.
>
Fair enough, and I'm a longtime Zonealarm user.
Thanks!
Cheers,
Will
--
****
"If people don't know what you're doing,
They don't know what you're doing wrong."
--Sir Arnold Robinson, _Yes, Minister_

15 characters should be plenty. Currently, I use 26 characters. The
best passphrases are the ones that doesn't make any sense. For
example: BA%c975pp+)(10ZdDT#fyW....

On Mon, 02 Aug 2004 11:31:58 -0600, Dwayer <(E-Mail Removed)> wrote:

>Thank you for the response. I'm glad to know that the WPA is still
>working.
>
>On the subject of the passphrase, is there a length limit or a
>recommended length? The documentation for both the DSL modem and wifi
>card is unclear on this. My current phrase is 15 characters
>alpha-numeric, which is probably not long enough I suspect.