WAP-PSK - rekeying interval

What is best advice regarding the rekeying interval for WAP-PSK? My ISP
advises leaving this setting alone (it defaults to zero). What is best
for an ordinary home network - I have one desktop wirelessly networked
to the router, and one other machine ethernet wired to the router.
Currently set up with WAP-PSK and a 63 character ASCII key.
--
Rev Robert M Jones, Wimborne Baptist Church, UK
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420

Hi

Not sure what the ISP has to do with Wireless Encryption on your LAN.

You set the Key, and if it works you let it Ride.

If you have WPA + AES it is even better.

Wireless Security - http://www.ezlan.net/Wireless_Security.html

WEP, WPA, and the Future - http://www.ezlan.net/wpa_wep.html

Jack (MVP-Networking).



"Robert M Jones" <robert53newsgroups-(E-Mail Removed)> wrote in message
news:%23Lr3U%(E-Mail Removed)...
> What is best advice regarding the rekeying interval for WAP-PSK? My ISP
> advises leaving this setting alone (it defaults to zero). What is best for
> an ordinary home network - I have one desktop wirelessly networked to the
> router, and one other machine ethernet wired to the router. Currently set
> up with WAP-PSK and a 63 character ASCII key.
> --
> Rev Robert M Jones, Wimborne Baptist Church, UK
> http://www.wimborne-baptist.org.uk
> Free trial of Mailwasher Pro - effective email spam filter - (commission
> goes to our partners in Bulgaria)
> http://fta.firetrust.com/index.cgi?id=420

Jack (MVP-Networking). wrote:
> Hi
>
> Not sure what the ISP has to do with Wireless Encryption on your LAN.
>
> You set the Key, and if it works you let it Ride.
>
> If you have WPA + AES it is even better.
>
> Wireless Security - http://www.ezlan.net/Wireless_Security.html
>
> WEP, WPA, and the Future - http://www.ezlan.net/wpa_wep.html
>
> Jack (MVP-Networking).


Thank you. The ISP sold me the router (which is configured for their
service), and their WPA instructions suggest leaving the rekeying
interval at 0.
I have a working system, but was canvassing opinion on whether this was
the best option with regard to security - I have no views on the subject
as I am still learning about wireless and networks and certainly don't
yet understand what the rekeying interval is about. I've read your links
thank you,but they don't mention that issue although they were helpful
nevertheless.
Thanks anyway.

--
Rev Robert M Jones, Wimborne Baptist Church, UK
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420

Robert M Jones wrote:
> What is best advice regarding the rekeying interval for WAP-PSK? My ISP
> advises leaving this setting alone (it defaults to zero). What is best
> for an ordinary home network - I have one desktop wirelessly networked
> to the router, and one other machine ethernet wired to the router.
> Currently set up with WAP-PSK and a 63 character ASCII key.

It depends on how paranoid you are and what data you are trying to
secure. It is my understanding that although WEP is rather easily
cracked with tools available on the Internet, WPA-PSK is currently only
attackable through brute force techniques (i.e., guessing the password).
A long, complex, non-dictionary WPA password should be more than
sufficient for a home wifi network. As Jack said WPA2 (WPA-AES) is even
more secure because it uses a different encryption standard.

Although periodically changing passwords theoretically increases
security (e.g., if it takes 10 hours to brute force guess a password and
you change it every hour, you increase the total time it takes to guess
it), in practice, it's likely to decrease security because most human
beings can't remember changing sequences of long, complex,
non-dictionary passwords without some memory aid. As soon as you start
writing the password down someplace (e.g., on a post-it stuck to the
monitor) the potential for a security breach goes up.

Lem wrote:
> Robert M Jones wrote:
>> What is best advice regarding the rekeying interval for WAP-PSK? My
>> ISP advises leaving this setting alone (it defaults to zero). What is
>> best for an ordinary home network - I have one desktop wirelessly
>> networked to the router, and one other machine ethernet wired to the
>> router. Currently set up with WAP-PSK and a 63 character ASCII key.
>
> It depends on how paranoid you are and what data you are trying to
> secure. It is my understanding that although WEP is rather easily
> cracked with tools available on the Internet, WPA-PSK is currently only
> attackable through brute force techniques (i.e., guessing the password).
> A long, complex, non-dictionary WPA password should be more than
> sufficient for a home wifi network. As Jack said WPA2 (WPA-AES) is even
> more secure because it uses a different encryption standard.
>
> Although periodically changing passwords theoretically increases
> security (e.g., if it takes 10 hours to brute force guess a password and
> you change it every hour, you increase the total time it takes to guess
> it), in practice, it's likely to decrease security because most human
> beings can't remember changing sequences of long, complex,
> non-dictionary passwords without some memory aid. As soon as you start
> writing the password down someplace (e.g., on a post-it stuck to the
> monitor) the potential for a security breach goes up.


Sorry, I mis-read your question. I stand by what I wrote about changing
passwords, but "rekeying interval" for WPA-TKIP refers to the automatic
rekeying (which is why it's called "Temporal Key Integrity Protocol").
I agree with Jack. Leave it at the default.

Lem wrote:
> Lem wrote:
>> Robert M Jones wrote:
>>> What is best advice regarding the rekeying interval for WAP-PSK? My
>>> ISP advises leaving this setting alone (it defaults to zero). What is
>>> best for an ordinary home network - I have one desktop wirelessly
>>> networked to the router, and one other machine ethernet wired to the
>>> router. Currently set up with WAP-PSK and a 63 character ASCII key.
>>
>> It depends on how paranoid you are and what data you are trying to
>> secure. It is my understanding that although WEP is rather easily
>> cracked with tools available on the Internet, WPA-PSK is currently
>> only attackable through brute force techniques (i.e., guessing the
>> password). A long, complex, non-dictionary WPA password should be
>> more than sufficient for a home wifi network. As Jack said WPA2
>> (WPA-AES) is even more secure because it uses a different encryption
>> standard.
>>
>> Although periodically changing passwords theoretically increases
>> security (e.g., if it takes 10 hours to brute force guess a password
>> and you change it every hour, you increase the total time it takes to
>> guess it), in practice, it's likely to decrease security because most
>> human beings can't remember changing sequences of long, complex,
>> non-dictionary passwords without some memory aid. As soon as you
>> start writing the password down someplace (e.g., on a post-it stuck to
>> the monitor) the potential for a security breach goes up.
>
>
> Sorry, I mis-read your question. I stand by what I wrote about changing
> passwords, but "rekeying interval" for WPA-TKIP refers to the automatic
> rekeying (which is why it's called "Temporal Key Integrity Protocol"). I
> agree with Jack. Leave it at the default.

Thank you. I understand the rest - it was the rekeying interval I
wanted. Thanks again.

--
Rev Robert M Jones, Wimborne Baptist Church, UK
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420

Further to your discussion,

I have set up a wireless network with WPA-PSK and was wondering if there was
any way for windows to store the network profile and hence WPA key so that i
don't have to manually enter it every time i turn the pc on.

Thanks in advance for any help

"Robert M Jones" wrote:

> Lem wrote:
> > Lem wrote:
> >> Robert M Jones wrote:
> >>> What is best advice regarding the rekeying interval for WAP-PSK? My
> >>> ISP advises leaving this setting alone (it defaults to zero). What is
> >>> best for an ordinary home network - I have one desktop wirelessly
> >>> networked to the router, and one other machine ethernet wired to the
> >>> router. Currently set up with WAP-PSK and a 63 character ASCII key.
> >>
> >> It depends on how paranoid you are and what data you are trying to
> >> secure. It is my understanding that although WEP is rather easily
> >> cracked with tools available on the Internet, WPA-PSK is currently
> >> only attackable through brute force techniques (i.e., guessing the
> >> password). A long, complex, non-dictionary WPA password should be
> >> more than sufficient for a home wifi network. As Jack said WPA2
> >> (WPA-AES) is even more secure because it uses a different encryption
> >> standard.
> >>
> >> Although periodically changing passwords theoretically increases
> >> security (e.g., if it takes 10 hours to brute force guess a password
> >> and you change it every hour, you increase the total time it takes to
> >> guess it), in practice, it's likely to decrease security because most
> >> human beings can't remember changing sequences of long, complex,
> >> non-dictionary passwords without some memory aid. As soon as you
> >> start writing the password down someplace (e.g., on a post-it stuck to
> >> the monitor) the potential for a security breach goes up.
> >
> >
> > Sorry, I mis-read your question. I stand by what I wrote about changing
> > passwords, but "rekeying interval" for WPA-TKIP refers to the automatic
> > rekeying (which is why it's called "Temporal Key Integrity Protocol"). I
> > agree with Jack. Leave it at the default.
>
> Thank you. I understand the rest - it was the rekeying interval I
> wanted. Thanks again.
>
> --
> Rev Robert M Jones, Wimborne Baptist Church, UK
> http://www.wimborne-baptist.org.uk
> Free trial of Mailwasher Pro - effective email spam filter - (commission
> goes to our partners in Bulgaria)
> http://fta.firetrust.com/index.cgi?id=420
>

"mchoss" <(E-Mail Removed)> wrote in message
news:B181385C-1865-4AD8-9034-(E-Mail Removed)...
> Further to your discussion,
>
> I have set up a wireless network with WPA-PSK and was wondering if there
> was
> any way for windows to store the network profile and hence WPA key so that
> i
> don't have to manually enter it every time i turn the pc on.
>

Go to Network Connections, right-click on the ireless Connection and choose
Properties. You should see a tab called "Wireless Networks". Click on that,
then go to the Properties button and add the WPA key there

HTH