WPA vs WEP difference

Whats the difference from using a WEP 13 ASCII characters or
WPA 13 ASCII characters. I know the WPA can support 63 but besides the number of charters what else is different.

 

The encryption process. WEP send the key with the packets. The reason it only takes a min to crack. WPA once the connections is made it starts changing the key on what the cycle is set at.

If you use all printable chr in a wpa key 20 chr long, it is secure enough for most. It would take over 20 yrs at a brute force attack of 100k/sec. But only using alpha or word in a dictionary less than a year.

So I recommend a 20 chr min random generated key using all printable chrs. Preferability the max it will take. Like this "nN)'!xQi&b>AZ%^~lkjew-+" (some will not take the double quote chr) you get the idea. Looks alike a typing drill. You can get random generated keys free from grc.com they have all types. Just copy and past to a notepad, the grab parts of key you want to use. Copy and paste into the apporiate fields, typing generates errors. Then save the keys or write them down for future use.

 

WEP is useless because it can be cracked within 5 minutes with freeware.

WPA is currently secure unless you use a poor password like "password" instead of "mf93ml8fjm29fksm9aks35cs"

 

ok make sense now i just set it up using 20 random acsII.
Is it necessary for me to also set up mac filtering?

 

It's less neccesary than just encryption, but it's a good idea. Set it to allow only the liisted MAC address to connect, then register each computer's MAC address.

If you want to be even more nit-picky, you could reduce the max number of auto-configured IP addresses from the default to the number of computer or switch to static IPs.

 

WEP vs WPA

 

WPA is MUCH safer, heck use WPA2 Personal if you can which is even better.

 

yep, much much safer. and who's gonna waste their time trying to crack the "wifi protected area 2" when there are still plenty of fools using WEP out there.

so, so simple to use. you don't really even have to cut at paste- just holler at the good lookin chick across the room (me) and tell her what the phrase/word is

 

MAC Filtering is not required it you have good security. Beside every packet sent has the MAC Address in the header info.

I would hide the SSID once you get it setup. That way it want show up on scans. So if you have friends over you will have to provide the SSID and the key, so a manual setup will be required.

 

Well the SSID will show up on some scans(The software for my atheros cards can usually pull it out even if it's hidden, Netstumbler is another). My reason for hiding is I just don't want people to know what lame naming scheme I used, and laughing at it(At least not without some effort).

 

WPA cracking can be done if you use passphrases instead of ASCII, and fairly easy (Took 20 minutes on my router using an 8 character dictionary word), but if you use multiple words to make up the 8 characters, or even a number thrown in, it'll make passphrase cracking far harder. You can make a huge file that will allow you to do it, but you'll be looking at 20GB+.

In all honesty, I was able to crack my WPA faster than I could WEP, and I've tried every exploit to see how secure my network is. WPA2, however, I couldn't crack it (yet), so if all your devices support it, use it.

 

As with all security it's only as good as the key used. The reason you should never use words in dict. Use all PRINTABLE CHR and MAX LENGTH. You would be spinning your wheels for years and still not get in.

 

Exactly. The protocol itself can only help a little if your password sucks.

On a side note, my brother has a '66 F100. Figured I'd mention that.

 

There's a nice WPA key generator here: http://www.kurtm.net/wpa-pskgen/
You can even choose the number of characters you want. One nice thing about this site is that computations for the key all take place on your computer instead of being generated on a web server and then being transmitted to you.

 

I once thought that this was a good security measure, but have since learned that it really doesn't supply any added security worth being concerned with. There are ways to get your SSID. NetStumbler comes to mind.

 

Hiding SSID by it self is not security, like MAC Filtering.

If a drive-by is use netstumbler, he looking to break in at all cost. All it does is keep the normal connection utility from showing up. If he see a open system, and it does not give out dhcp it's either MAC filtering or static. All they have to do is scan till a pc shows up to get the MAC address to get in. No cracking skills needed there. But with all of the hand held devices, Hiding the SSID prevents them from attempting to connect. Depending on where you live and actually look at logs, you will find a lot less traffic if the SSID is hidden.

Beside I'm using max allowed all printable chr key. I don't think they have a cray in the back seat and 5 yrs to brute force the key. Particurlarly since they can move down the block and get in free.

 

Not a good site the key is in the clear. Use GRC.com there is generated with https in place, so know one but you get it.

 

You don't necessarily have to use the key that site gives you. I used the other site that you're referring to in this post, but I changed several of the characters before using it.