WPA and WEP random key generator (for wireless routers)

I have written a small program which generates a random key string that can
be entered (pasted) into wireless network card configuration screens and
into routers. It is intended to defeat dictionary attacks on WPA (or WEP)
encrypted wireless networks.

This program was only finished yesterday and I have not been able to test it
with a variety of Wireless devices. It should therefore be regarded as a
beta version and I would be grateful for any feedback. It runs on Windows
(tested on XP Professional). It depends on having Microsoft .NET Framework
version 1.1 installed.

The zip file download is 114 Kbytes which includes a PDF version of the web
page. The executable program does not require installation and is 44
Kbytes. You just run the executable (even from within the zip file on XP).
Administrator privileges are not required. As far as I am aware it makes no
changes to the registry (unless the .NET framework code does something
sneaky behind the scenes that I am not aware of).

The program is free to use for both home and commercial use and I intend it
to remain so.

Here is the link to the web page which describes the program and where the
download link can be found http://www.soroban.co.uk/wepkeygen.htm

John Steele
Soroban Systems Ltd

"John Steele" <(E-Mail Removed)> wrote:

>I have written a small program which generates a random key string that can
>be entered (pasted) into wireless network card configuration screens and
>into routers. It is intended to defeat dictionary attacks on WPA (or WEP)
>encrypted wireless networks.

Forgive for me asking a daft question, but why is it hard for a person
to create a WPA passphrase which is practically impossible to crack?

The thing that's different between WPA and normal password usage is
that the WPA shared key is entered only once; it doesn't have to be
entered each time one logs onto one's PC or whatever (which is when
passwords become a real PITA as everyone knows). So one can choose
something really obscure.

The problem I have found with WPA is that a lot of older (>1 year
perhaps?) kit doesn't support it, or does support it but it doesn't
work.


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to (E-Mail Removed) but remove the X and the Y.

In article <(E-Mail Removed)>, Peter
<(E-Mail Removed)> writes
>
> "John Steele" <(E-Mail Removed)> wrote:
>
>>I have written a small program which generates a random key string that can
>>be entered (pasted) into wireless network card configuration screens and
>>into routers. It is intended to defeat dictionary attacks on WPA (or WEP)
>>encrypted wireless networks.
>
>Forgive for me asking a daft question, but why is it hard for a person
>to create a WPA passphrase which is practically impossible to crack?
>
>The thing that's different between WPA and normal password usage is
>that the WPA shared key is entered only once; it doesn't have to be
>entered each time one logs onto one's PC or whatever (which is when
>passwords become a real PITA as everyone knows). So one can choose
>something really obscure.
>
>The problem I have found with WPA is that a lot of older (>1 year
>perhaps?) kit doesn't support it, or does support it but it doesn't
>work.
>
Try downloading the latest drivers. My PC card didn't support WPA when
I bought it; it does now.
--
Thoss

thoss <(E-Mail Removed)> wrote

>Try downloading the latest drivers. My PC card didn't support WPA when
>I bought it; it does now.

There are two places where WPA can be configured: in XP or in the
software that comes with the wifi adapter. Sometimes, one works and
not the other, or vice versa, or neither.


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to (E-Mail Removed) but remove the X and the Y.
Please do NOT copy usenet posts to email - it is NOT necessary.

Hi,

This seems better, but is online only:

http://www.warewolflabs.com/portfoli...g/wlanskg.html

Kind Regards

Simon

--

In message <423b51d4$0$38043$(E-Mail Removed)>, Simon
Zerafa <postmaster@127.0.0.1> writes
>Hi,
>
>This seems better, but is online only:
>
> http://www.warewolflabs.com/portfoli...g/wlanskg.html

How about a method that only requires dice (real ones):

The Diceware Passphrase Home Page.

"This page offers a better way to create a strong, yet easy to remember
passphrase for use with encryption and security programs. Weak passwords
and passphrases are one of the most common flaws in computer security.
Take a few minutes and learn how to do it right. The information
presented here can be used by anyone. No background in cryptography or
mathematics is required. Just follow the simple steps below."

http://www.diceware.com/

Regards to All,

Chris

--
Chris Salter

"Chris Salter" <(E-Mail Removed)> wrote in message
news:heEwkyB$(E-Mail Removed)...
> In message <423b51d4$0$38043$(E-Mail Removed)>, Simon
> Zerafa <postmaster@127.0.0.1> writes
>>Hi,
>>
>>This seems better, but is online only:
>>
>> http://www.warewolflabs.com/portfoli...g/wlanskg.html
>
> How about a method that only requires dice (real ones):
>
> The Diceware Passphrase Home Page.
>
> "This page offers a better way to create a strong, yet easy to remember
> passphrase for use with encryption and security programs. Weak passwords
> and passphrases are one of the most common flaws in computer security.
> Take a few minutes and learn how to do it right. The information presented
> here can be used by anyone. No background in cryptography or mathematics
> is required. Just follow the simple steps below."
>
> http://www.diceware.com/
>
> Regards to All,
>
> Chris
>
> --
> Chris Salter

The point is that the passphrase for WPA (or WEP) does not need to be
remembered. It is only entered at configuration time and can be stored in a
text file and carried on a USB memory stick, floppy disk etc from machine to
machine. Other uses of passphrases do need them to be memorable.

With a random passphrase the security is as strong as it is possible to make
it. There are no recognisable words that could be susceptible to a
dictionary based attack.

I was already aware of both of the alternative methods suggested in this
thread before I wrote my program.