Questions re WEP encryption

I have a linksys (model: BEFW 11S4) router. I want to enable WEP
encryption. I have a desktop which is 'wired' to the router. I have a
laptop that is wireless.

I realise I have to generate an encryption key but will I have to do
anything to my desktop machine since it is connected by wire? (Is the wired
connection referred to as an 'ethernet' connection?).

Thanks in advance,
David

David Todtman wrote:
> I have a linksys (model: BEFW 11S4) router. I want to enable WEP
> encryption. I have a desktop which is 'wired' to the router. I have a
> laptop that is wireless.
>
> I realise I have to generate an encryption key but will I have to do
> anything to my desktop machine since it is connected by wire? (Is the wired
> connection referred to as an 'ethernet' connection?).

No, WEP is just that Wireless encryption. The wired connectopm, ethernet, is
not encrypted.


--
Mike Vore
http://www.OhMyWoodness.com
http://mike.vorefamily.net/twr

"David Todtman" <(E-Mail Removed)> hath wroth:

>I have a linksys (model: BEFW 11S4) router. I want to enable WEP
>encryption. I have a desktop which is 'wired' to the router. I have a
>laptop that is wireless.
>
>I realise I have to generate an encryption key but will I have to do
>anything to my desktop machine since it is connected by wire? (Is the wired
>connection referred to as an 'ethernet' connection?).

No. The desktop is unaffected. The WEP encryption is only for the
wireless part of the puzzle, not the wired.

If you must use WEP (the BEFW11s4 only supports WEP) be sure to use
the generated Hex key, not the ASCII key. There are different
algorithms for converting from ASCII to Hex for generating keys.
There's no guarantee that the method used on the BEFW11S4 matches the
method used on your wireless laptop card.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Thanks Jeff and Mike.

Can you tell me why the router generates a key from a passphrase. I am
thinking that if you don't want somebody to determine your key, you'd want
to start with an ungessable passphrase. The best ungessable passphrase
would be a long random string.

So why cannot I just use the random string as a key and bypass the
passphrase altogether? (I.e., enter the random string in the "key" field in
the WEP setup page.)

TIA,
David Todtman





"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "David Todtman" <(E-Mail Removed)> hath wroth:
>
>>I have a linksys (model: BEFW 11S4) router. I want to enable WEP
>>encryption. I have a desktop which is 'wired' to the router. I have a
>>laptop that is wireless.
>>
>>I realise I have to generate an encryption key but will I have to do
>>anything to my desktop machine since it is connected by wire? (Is the
>>wired
>>connection referred to as an 'ethernet' connection?).
>
> No. The desktop is unaffected. The WEP encryption is only for the
> wireless part of the puzzle, not the wired.
>
> If you must use WEP (the BEFW11s4 only supports WEP) be sure to use
> the generated Hex key, not the ASCII key. There are different
> algorithms for converting from ASCII to Hex for generating keys.
> There's no guarantee that the method used on the BEFW11S4 matches the
> method used on your wireless laptop card.
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

"David Todtman" <(E-Mail Removed)> hath wroth:

>Can you tell me why the router generates a key from a passphrase.

Sure. The actual key that gets use for encryption is Hex. Well
actually it's binary, but I don't want to confuse things even more.
The theory was that mortal users and non-geeks don't converse well in
Hexadecimal, unless you happen to have 8 fingers on each hand. So, to
make things easy for the customers, the vendors added a "key
generator" that creates the Hex key from an ASCII text string. The
problem was that everyone had the same idea roughly at the same time,
but since there were no standards, everyone did it differently.

See:

http://groups.google.com/group/alt.i...6bc97ee2c6630b
for a sample output.

>I am
>thinking that if you don't want somebody to determine your key, you'd want
>to start with an ungessable passphrase. The best ungessable passphrase
>would be a long random string.

True. However, for WEP it doesn't matter. WEP is so insecure that an
attacker can recover your WEP key from over the air packets in about
3-10 minutes. One of several WEP key recovery tools.
http://airsnort.shmoo.com
Basically WEP is useless for security.

>So why cannot I just use the random string as a key and bypass the
>passphrase altogether? (I.e., enter the random string in the "key" field in
>the WEP setup page.)

You can and should use random rubbish for keys. I'm not an expert on
key generation. See the wireless security section of the FAQ at:
http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security
for details. If you're serious about security, or suspect you may
have a problem, then I strongly suggest you abandon WEP and switch to
WPA-PSK, which is currently uncrackable with >20 charcter non-trivial
keys.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Well thank you for explaining key generation.

And, re WEP: YIKES!

I just went to linksys and had a chat with a tech: my router does not
support WPA (and no firmware upgrade that supports it either). Guess it's
time for a trip to the store.

Ciao,
David
"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "David Todtman" <(E-Mail Removed)> hath wroth:
>
>>Can you tell me why the router generates a key from a passphrase.
>
> Sure. The actual key that gets use for encryption is Hex. Well
> actually it's binary, but I don't want to confuse things even more.
> The theory was that mortal users and non-geeks don't converse well in
> Hexadecimal, unless you happen to have 8 fingers on each hand. So, to
> make things easy for the customers, the vendors added a "key
> generator" that creates the Hex key from an ASCII text string. The
> problem was that everyone had the same idea roughly at the same time,
> but since there were no standards, everyone did it differently.
>
> See:
>
> http://groups.google.com/group/alt.i...6bc97ee2c6630b
> for a sample output.
>
>>I am
>>thinking that if you don't want somebody to determine your key, you'd want
>>to start with an ungessable passphrase. The best ungessable passphrase
>>would be a long random string.
>
> True. However, for WEP it doesn't matter. WEP is so insecure that an
> attacker can recover your WEP key from over the air packets in about
> 3-10 minutes. One of several WEP key recovery tools.
> http://airsnort.shmoo.com
> Basically WEP is useless for security.
>
>>So why cannot I just use the random string as a key and bypass the
>>passphrase altogether? (I.e., enter the random string in the "key" field
>>in
>>the WEP setup page.)
>
> You can and should use random rubbish for keys. I'm not an expert on
> key generation. See the wireless security section of the FAQ at:
> http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security
> for details. If you're serious about security, or suspect you may
> have a problem, then I strongly suggest you abandon WEP and switch to
> WPA-PSK, which is currently uncrackable with >20 charcter non-trivial
> keys.
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

Another question: my daughter has a DSL connection, a desktop, and no
laptop (wireless device). She uses a software firewall but I think a nat
router would be better. If she used my old (non WPA) router simply as a
hardware firewall would there be a security issue from someone detecting her
router signal? I guess an intruder could steal the signal and surf the net
from her ip address. That could be bad if their activity was nefarious and
authorities attributed it to her. Could the intruder get access to her
desktop, assuming no or inadequate encryption?

Best,
David

"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "David Todtman" <(E-Mail Removed)> hath wroth:
>
>>Can you tell me why the router generates a key from a passphrase.
>
> Sure. The actual key that gets use for encryption is Hex. Well
> actually it's binary, but I don't want to confuse things even more.
> The theory was that mortal users and non-geeks don't converse well in
> Hexadecimal, unless you happen to have 8 fingers on each hand. So, to
> make things easy for the customers, the vendors added a "key
> generator" that creates the Hex key from an ASCII text string. The
> problem was that everyone had the same idea roughly at the same time,
> but since there were no standards, everyone did it differently.
>
> See:
>
> http://groups.google.com/group/alt.i...6bc97ee2c6630b
> for a sample output.
>
>>I am
>>thinking that if you don't want somebody to determine your key, you'd want
>>to start with an ungessable passphrase. The best ungessable passphrase
>>would be a long random string.
>
> True. However, for WEP it doesn't matter. WEP is so insecure that an
> attacker can recover your WEP key from over the air packets in about
> 3-10 minutes. One of several WEP key recovery tools.
> http://airsnort.shmoo.com
> Basically WEP is useless for security.
>
>>So why cannot I just use the random string as a key and bypass the
>>passphrase altogether? (I.e., enter the random string in the "key" field
>>in
>>the WEP setup page.)
>
> You can and should use random rubbish for keys. I'm not an expert on
> key generation. See the wireless security section of the FAQ at:
> http://wireless.wikia.com/wiki/Wi-Fi#Wi-Fi_Security
> for details. If you're serious about security, or suspect you may
> have a problem, then I strongly suggest you abandon WEP and switch to
> WPA-PSK, which is currently uncrackable with >20 charcter non-trivial
> keys.
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

"David Todtman" <(E-Mail Removed)> hath wroth:

>Another question: my daughter has a DSL connection, a desktop, and no
>laptop (wireless device). She uses a software firewall but I think a nat
>router would be better.

Each have their place. Some software firewalls (i.e. ZoneAlarm,
Kerio, Norton, McAfee, etc) control traffic both going in and going
out. If her machine catches a worm or spyware, the software firewall
will usually ask if it's OK to send something to some destination. The
hardware firewall won't do that.

On the other foot, the hardware firewall has other features that are
useful. A DHCP server, NAT (network address translation) for
connecting more than one client computah, IP port redirection for
remote access, etc.

>If she used my old (non WPA) router simply as a
>hardware firewall would there be a security issue from someone detecting her
>router signal?

No. I frequently sell and install wireless router to users that do
not have any wireless devices simply because there's very little price
difference between commodity wired and wireless routers. If they ever
plan to add a laptop, wireless is quite useful. On installation, I
disable the wireless section so there's no signal. I think that's
what you're asking. (I also enable remote administration so that I
can turn on the wireless easily as the necessity seems to always
happen at an inconvenient time).

>I guess an intruder could steal the signal and surf the net
>from her ip address. That could be bad if their activity was nefarious and
>authorities attributed it to her. Could the intruder get access to her
>desktop, assuming no or inadequate encryption?

Once an intruder is on the LAN side of the firewall, the only limit to
what they can do is controlled by the software firewall on the client
computers. This is why many people run BOTH a hardware firewall and a
software firewall. Unfortunately, many people (including me) are
rather sloppy with their internal LAN security, and any intrusion via
wireless would be fatal or messy. Just disable the wireless.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Jeff Liebermann <(E-Mail Removed)> hath wroth:

>On the other foot, the hardware firewall has other features that are
>useful. A DHCP server, NAT (network address translation) for
>connecting more than one client computah, IP port redirection for
>remote access, etc.
(blah-blah-blah)

I forgot to mention one item. The BEFW11S4 really is a piece of junk.
I have a BEFW11S4 v4 at home. In inherited from a customer who wanted
something more reliable. It hangs all the time. It also is
susceptible to various exploits and attacks from the internet. Go to:
http://www.pcflank.com/exploits.htm
and run the exploits test. My BEFW11S4 v4 hangs on 2 of the tests. I
forgot which ones but I think targa3 is one of them. Methinks it's
best to do some testing before you pass on a potential maintenance
headache to your daughter.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Jeff Liebermann <(E-Mail Removed)> wrote:

<snip>

> WEP is so insecure that an attacker can recover your WEP key from over the
> air packets in about 3-10 minutes. One of several WEP key recovery tools.
> http://airsnort.shmoo.com

: Introduction
:
: AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys.
: AirSnort operates by passively monitoring transmissions, computing the
: encryption key when enough packets have been gathered.
:
: [...]
:
: AirSnort requires approximately 5-10 million encrypted packets to be
: gathered. Once enough packets have been gathered, AirSnort can guess the
: encryption password in under a second.

So how will an attacker get 5 - 10 million encrypted packets in 3 - 10
minutes?