Wireless router - WAP or WEP?
David Fletcher
dave at thefletchers.net
Tue Nov 18 11:10:19 UTC 2008
On Tuesday 18 November 2008 10:42:54 alan c wrote:
> Nigel Ridley wrote:
> > I'm setting up a wireless router and want to know which works best with
> > Hardy 8.04 -- WAP or WEP?
>
> I have just been looking into this for a friend and this is typical
> information:
>
> Is there a new Wifi hack tool out? WEP+MAC Filter failures (2007)
> http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=242736&mess
>ageID=2457489 --
> alan cocks
> Ubuntu user #10391
> Linux user #360648
I am told by people more knowledgeable by myself that WEP is cracked by using
a machine with two WiFi interfaces, with one challenging the network and the
other listening to the response. After some time (10 or 20 minutes) it is
possible to determine what the WEP password is from the data gathered from
the responses. This is not a dictionary attack, it attacks and defeats the
encryption itself.
WPA apparently cannot be attacked in this fashion. But I am told (again by
those people more knowledgeable by myself) that there is an easily avoided
vulnerability. When a connection is initiated, the network password is
broadcast in a hashed form. Naturally, any cracker knows the algorithm used
to produce this hash, so if it is captured it is possible to perform a
dictionary attack on the hash. To avoid this vulnerability, do not use words
that can be found in a dictionary.
Like I said, I'm not and expert in WiFi protocols so if I'm talking BS
somebody just say so and I won't be offended.
BTW my wireless router (the cheapest Belkin model) using WPA lets me define a
guest password. It says it only allows internet access, and hides the local
network. Useful for when my son's friends visit with their PSPs etc.
Dave
More information about the kubuntu-users
mailing list