Sign in with
Sign up | Sign in
Your question

WEP Key Passphrase

Last response: in Wireless Networking
Share
Anonymous
May 30, 2004 2:47:36 PM

Archived from groups: alt.internet.wireless (More info?)

help....
I am using a net gear router.
On the set up web page is an option to enter a pass phrase to generate 4
keys.
great, but where do I enter that pass phrase on my pc so that the 2 things
match up?
I am very new to this so no doubt this is a dumb question, apologies in
advance.
currently I have one 10 digit key set up at netgear and on my pc which I
have to enter every time I log on to the network...surely cant be right?help
please!

--
Brett Smith

More about : wep key passphrase

Anonymous
May 30, 2004 2:47:37 PM

Archived from groups: alt.internet.wireless (More info?)

On Sun, 30 May 2004 10:47:36 +0100, Brett Smith spoketh

>help....
>I am using a net gear router.
>On the set up web page is an option to enter a pass phrase to generate 4
>keys.
>great, but where do I enter that pass phrase on my pc so that the 2 things
>match up?
>I am very new to this so no doubt this is a dumb question, apologies in
>advance.
>currently I have one 10 digit key set up at netgear and on my pc which I
>have to enter every time I log on to the network...surely cant be right?help
>please!

Most likely, you'll have to enter the key that is generated by the pass
phrase. The pass phrase is just supposed to make it easier to generate a
key....

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)
Anonymous
May 30, 2004 4:18:14 PM

Archived from groups: alt.internet.wireless (More info?)

by cutting and pasting u think?
is it common not to have to enter a password when logging onto a network?
I know the WEP acts as a "back ground" pass word but still feels very
unsecure?

--
Brett Smith
"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
news:bpfjb05phnrc1h4ldsagqal6uleoteq97r@4ax.com...
> On Sun, 30 May 2004 10:47:36 +0100, Brett Smith spoketh
>
> >help....
> >I am using a net gear router.
> >On the set up web page is an option to enter a pass phrase to generate 4
> >keys.
> >great, but where do I enter that pass phrase on my pc so that the 2
things
> >match up?
> >I am very new to this so no doubt this is a dumb question, apologies in
> >advance.
> >currently I have one 10 digit key set up at netgear and on my pc which I
> >have to enter every time I log on to the network...surely cant be
right?help
> >please!
>
> Most likely, you'll have to enter the key that is generated by the pass
> phrase. The pass phrase is just supposed to make it easier to generate a
> key....
>
> Lars M. Hansen
> http://www.hansenonline.net
> (replace 'badnews' with 'news' in e-mail address)
Related resources
Anonymous
May 30, 2004 4:18:15 PM

Archived from groups: alt.internet.wireless (More info?)

On Sun, 30 May 2004 12:18:14 +0100, Brett Smith spoketh

>by cutting and pasting u think?
>is it common not to have to enter a password when logging onto a network?
>I know the WEP acts as a "back ground" pass word but still feels very
>unsecure?

Only computers with the correct key can connect to your network. That'll
limit access somewhat. Unfortunately not enough, as WEP is fairly weak
and easy to break. You can add MAC address filtering to improve your
security, and check if perhaps your router/WAP supports WPA, which is a
big improvement over WEP.


Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"
Anonymous
May 30, 2004 4:18:16 PM

Archived from groups: alt.internet.wireless (More info?)

Lars M. Hansen <badnews@hansenonline.net> wrote in
news:n4jjb0phchs3jp6nmjmsls7mi19184oqdp@4ax.com:

> Only computers with the correct key can connect to your network. That'll
> limit access somewhat. Unfortunately not enough, as WEP is fairly weak
> and easy to break. You can add MAC address filtering to improve your
> security, and check if perhaps your router/WAP supports WPA, which is a
> big improvement over WEP.

I understand that this weakness requires a lot of network traffic, and
therefore largely does not apply to a single home user who changes the key
on a regular basis.

--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm
May 30, 2004 4:21:02 PM

Archived from groups: alt.internet.wireless (More info?)

"Brett Smith" <brettdsmith@tiscali.co.uk> wrote in message
news:o Ziuc.52$ps4.30@newsfe3-gui...
> help....
> I am using a net gear router.
> On the set up web page is an option to enter a pass phrase to generate 4
> keys.
> great, but where do I enter that pass phrase on my pc so that the 2 things
> match up?
> I am very new to this so no doubt this is a dumb question, apologies in
> advance.
> currently I have one 10 digit key set up at netgear and on my pc which I
> have to enter every time I log on to the network...surely cant be
right?help
> please!
>
> --
> Brett Smith
>
>
What Network card and connection software are you using in your PC ?.

Have you checked for the latest firmware / software for your network card ??
May 30, 2004 5:45:02 PM

Archived from groups: alt.internet.wireless (More info?)

Brett Smith wrote:

>> is it common not to have to enter a password when logging onto a network?
> I know the WEP acts as a "back ground" pass word but still feels very
> unsecure?

WEP does not act as any form of password at all.
WEP is _encryption_ on the radio link.
Logging on to a network is _authentication_.
Authentication and encryption are two very different things although
they are often used together (authentication traffic is usually also
encrypted.)


Sander
Anonymous
May 30, 2004 5:45:03 PM

Archived from groups: alt.internet.wireless (More info?)

thanks for the feed back.
I do not log onto my network....I boot up and the wifi card detects my
network and it connects.....
I am only using one set of 10 digits in key 1 as there is only one place to
enter the key on my pc software. y o y is this so difficult!

--
Brett Smith
"Sander" <Big_Scary_Man@hotmail.com> wrote in message
news:YOjuc.744$9n5.737@amstwist00...
> Brett Smith wrote:
>
> >> is it common not to have to enter a password when logging onto a
network?
> > I know the WEP acts as a "back ground" pass word but still feels very
> > unsecure?
>
> WEP does not act as any form of password at all.
> WEP is _encryption_ on the radio link.
> Logging on to a network is _authentication_.
> Authentication and encryption are two very different things although
> they are often used together (authentication traffic is usually also
> encrypted.)
>
>
> Sander
May 31, 2004 2:11:39 AM

Archived from groups: alt.internet.wireless (More info?)

Lars M. Hansen wrote:

> Only computers with the correct key can connect to your network. That'll
> limit access somewhat.

Yep.

> Unfortunately not enough, as WEP is fairly weak
> and easy to break.

It will keep the majority opf people off of your network.
It will not keep a determnined attacker or someone with a lot of
knowledge off though.

> You can add MAC address filtering to improve your
> security,


If someone has the possibility of cracking WEP they'll surely be able to
assign their card another MAC adress.
IMHO not any stronger than WEP.
With most access points it's easy to do and it doesn't require client
support, so it won't hurt. But don't feel safe because you've got a MAC
access control list.
If you think WEP is easy... MAC ACL is a _lot_ easier and quicker to
circumvent then WEP.

> and check if perhaps your router/WAP supports WPA, which is a
> big improvement over WEP.

Yes! If you really want to improve on WEP then WPA or an implementation
of 802.1x (like EAP-TLS, TTLS or PEAP, which combines encryption with
authentication) with automatically rotating keys is the way to go.


Sander
June 1, 2004 5:13:08 PM

Archived from groups: alt.internet.wireless (More info?)

In article <aakuc.20215$j24.14933@twister.nyroc.rr.com>,
news@DELETE_THISmccune.cc says...
> Lars M. Hansen <badnews@hansenonline.net> wrote in
> news:n4jjb0phchs3jp6nmjmsls7mi19184oqdp@4ax.com:
>
> > Only computers with the correct key can connect to your network. That'll
> > limit access somewhat. Unfortunately not enough, as WEP is fairly weak
> > and easy to break. You can add MAC address filtering to improve your
> > security, and check if perhaps your router/WAP supports WPA, which is a
> > big improvement over WEP.
>
> I understand that this weakness requires a lot of network traffic, and
> therefore largely does not apply to a single home user who changes the key
> on a regular basis.
>
>
That turns out to not be the case. Tools exist for breaking into a
wireless network that uses WEP without collecting network traffic.

---Matthew
June 2, 2004 12:25:34 AM

Archived from groups: alt.internet.wireless (More info?)

Are you talking about denial-of-service, or actually being able to gain full
access to a WEP-encrypted access point?

If the latter, are you saying there is some method to find the WEP key that
does not involve statistical analysis of network traffic, or are you saying
that there is some method to bypass WEP encryption altogether?

Brute force attacks might have some success on networks that use a
dictionary key, or systems that use a password generator seeded with a
dictionary key, but if a completely random key is chosen from the entire
possible space of binary keys, I don't see how an ordinary hacker with
ordinary computing resources can rely on brute force.

Please clarify.

<null@void.net> wrote in message
news:MPG.1b26832baca02e7f989792@read1.news.sjc1.globix.net...
> In article <aakuc.20215$j24.14933@twister.nyroc.rr.com>,
> news@DELETE_THISmccune.cc says...
> > Lars M. Hansen <badnews@hansenonline.net> wrote in
> > news:n4jjb0phchs3jp6nmjmsls7mi19184oqdp@4ax.com:
> >
> > > Only computers with the correct key can connect to your network.
That'll
> > > limit access somewhat. Unfortunately not enough, as WEP is fairly weak
> > > and easy to break. You can add MAC address filtering to improve your
> > > security, and check if perhaps your router/WAP supports WPA, which is
a
> > > big improvement over WEP.
> >
> > I understand that this weakness requires a lot of network traffic, and
> > therefore largely does not apply to a single home user who changes the
key
> > on a regular basis.
> >
> >
> That turns out to not be the case. Tools exist for breaking into a
> wireless network that uses WEP without collecting network traffic.
>
> ---Matthew
June 2, 2004 5:45:28 PM

Archived from groups: alt.internet.wireless (More info?)

In article <2D5vc.1788$5k4.596@newssvr23.news.prodigy.com>,
pleasenospam@sbcglobal.net says...
> Are you talking about denial-of-service, or actually being able to gain full
> access to a WEP-encrypted access point?
>
> If the latter, are you saying there is some method to find the WEP key that
> does not involve statistical analysis of network traffic, or are you saying
> that there is some method to bypass WEP encryption altogether?
>
> Brute force attacks might have some success on networks that use a
> dictionary key, or systems that use a password generator seeded with a
> dictionary key, but if a completely random key is chosen from the entire
> possible space of binary keys, I don't see how an ordinary hacker with
> ordinary computing resources can rely on brute force.
>
> Please clarify.
>
> <null@void.net> wrote in message
> news:MPG.1b26832baca02e7f989792@read1.news.sjc1.globix.net...
> > In article <aakuc.20215$j24.14933@twister.nyroc.rr.com>,
> > news@DELETE_THISmccune.cc says...
> > > Lars M. Hansen <badnews@hansenonline.net> wrote in
> > > news:n4jjb0phchs3jp6nmjmsls7mi19184oqdp@4ax.com:
> > >
> > > > Only computers with the correct key can connect to your network.
> That'll
> > > > limit access somewhat. Unfortunately not enough, as WEP is fairly weak
> > > > and easy to break. You can add MAC address filtering to improve your
> > > > security, and check if perhaps your router/WAP supports WPA, which is
> a
> > > > big improvement over WEP.
> > >
> > > I understand that this weakness requires a lot of network traffic, and
> > > therefore largely does not apply to a single home user who changes the
> key
> > > on a regular basis.
> > >
> > >
> > That turns out to not be the case. Tools exist for breaking into a
> > wireless network that uses WEP without collecting network traffic.
> >
> > ---Matthew
>
Here's some info:

The weakness is in the Key Scheduling Algorithm in WEP. The WEP keys
themselves are weak. This flaw causes allows they key to be "guessed"
based on statistical information derived from what are called
Interesting Packets. These packets have a problem with weak
Initialization Vectors. Some vendors have changed their firmware to
reduce the # of Interesting Packets. This means that tools like Wepcrack
and Airsnort are much less effective than they used to be. However,
there are tools / code out there that can inject Interesting Packets
into legitimate traffic thus cutting down the time required to derive
the WEP key. This technique will work whether or not the vendor has
fixed their WEP implementation.

The tools are WepWedgie http://sourceforge.net/projects/wepwedgie/ and
reinj.c from h1kari who wrote BSD Airtools (dont have the url handy).
They increase the number of interesting packets thus decreasing the
amount of time and number of packets required to derive the key.

And here's some more:

Nick Petroni and Bill Arbaugh have outlined an active attack that
would give you full access to a WEP encrypted wireless LAN
without knowledge of the secret key.

It relies on the lack of integrity checks for the wireless packets
which lets an attacker inject arbitrary packets into the LAN
without being detected.

The attack does not require you to crack any WEP key and uses
the fact that WEP wrongly uses CRC for integrity checks, this lets
an attacker mount an inductive attack to gradually recover additional
bits of a pseudorandom stream provided that N bytes are initially
recovered with a known plaintext attack. They cite ARP and DHCP requests
as effective for this inital recovery. BTW, you don't really need to
*inject* packets for the inital recovery.

Full description of the attack appeared on:
"The Dangers of Mitigating Security Design Flaws: A Wireless Case Study"
Nick L. Petroni Jr. and William Arbaugh
IEEE Security & Privacy magazine vol1. num 1., January/February 2003

A powerpoint presentation is available at:
http://www.cs.umd.edu/~waa/wepwep2-attack.html

---Matthew

P.S. Top posting makes it hard to follow a thread.

P.P.S. Check out securityfocus.com and their security mailing lists, the
source for this info and lot's more.
Anonymous
June 2, 2004 7:14:03 PM

Archived from groups: alt.internet.wireless (More info?)

On Sun, 30 May 2004 22:11:39 +0200, Sander spoketh

>Lars M. Hansen wrote:
>
>> Only computers with the correct key can connect to your network. That'll
>> limit access somewhat.
>
>Yep.
>
>> Unfortunately not enough, as WEP is fairly weak
>> and easy to break.
>
>It will keep the majority opf people off of your network.
>It will not keep a determnined attacker or someone with a lot of
>knowledge off though.
>
>> You can add MAC address filtering to improve your
>> security,
>
>
>If someone has the possibility of cracking WEP they'll surely be able to
> assign their card another MAC adress.
>IMHO not any stronger than WEP.
>With most access points it's easy to do and it doesn't require client
>support, so it won't hurt. But don't feel safe because you've got a MAC
>access control list.
>If you think WEP is easy... MAC ACL is a _lot_ easier and quicker to
>circumvent then WEP.
>

That may be so, but using both encryption and MAC address filtering
would be security in layers (although the MAC address would be
transmitted in clear text). Combined, the two should be sufficient to
keep your snoopy neighbor who just brought his AP home from the store...
Using WPA, which means automatic key synchronization and preferably AES
encryption, would be the preferable solution.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"
June 3, 2004 1:30:43 AM

Archived from groups: alt.internet.wireless (More info?)

Ah! Okay, I'm familiar with most of the techniques you mention. However, the
statement I was responding to was:

"Tools exist for breaking into a wireless network that uses WEP without
collecting network traffic."

Strictly speaking, this is not true. When you inject packets, you're
creating network traffic for which you already possess plaintext. It's more
accurate to say that techniques exist to reduce the amount of data that must
be collected to crack the key. It's also true that text can be partially or
wholly decoded without ever cracking the key, by building what amounts to a
database of IV/keystream pairs, but it still involves monitoring traffic.



<null@void.net> wrote in message
news:MPG.1b27dc46814dbf14989793@read1.news.sjc1.globix.net...
> In article <2D5vc.1788$5k4.596@newssvr23.news.prodigy.com>,
> pleasenospam@sbcglobal.net says...
> > Are you talking about denial-of-service, or actually being able to gain
full
> > access to a WEP-encrypted access point?
> >
> > If the latter, are you saying there is some method to find the WEP key
that
> > does not involve statistical analysis of network traffic, or are you
saying
> > that there is some method to bypass WEP encryption altogether?
> >
> > Brute force attacks might have some success on networks that use a
> > dictionary key, or systems that use a password generator seeded with a
> > dictionary key, but if a completely random key is chosen from the entire
> > possible space of binary keys, I don't see how an ordinary hacker with
> > ordinary computing resources can rely on brute force.
> >
> > Please clarify.
> >
> > <null@void.net> wrote in message
> > news:MPG.1b26832baca02e7f989792@read1.news.sjc1.globix.net...
> > > In article <aakuc.20215$j24.14933@twister.nyroc.rr.com>,
> > > news@DELETE_THISmccune.cc says...
> > > > Lars M. Hansen <badnews@hansenonline.net> wrote in
> > > > news:n4jjb0phchs3jp6nmjmsls7mi19184oqdp@4ax.com:
> > > >
> > > > > Only computers with the correct key can connect to your network.
> > That'll
> > > > > limit access somewhat. Unfortunately not enough, as WEP is fairly
weak
> > > > > and easy to break. You can add MAC address filtering to improve
your
> > > > > security, and check if perhaps your router/WAP supports WPA, which
is
> > a
> > > > > big improvement over WEP.
> > > >
> > > > I understand that this weakness requires a lot of network traffic,
and
> > > > therefore largely does not apply to a single home user who changes
the
> > key
> > > > on a regular basis.
> > > >
> > > >
> > > That turns out to not be the case. Tools exist for breaking into a
> > > wireless network that uses WEP without collecting network traffic.
> > >
> > > ---Matthew
> >
> Here's some info:
>
> The weakness is in the Key Scheduling Algorithm in WEP. The WEP keys
> themselves are weak. This flaw causes allows they key to be "guessed"
> based on statistical information derived from what are called
> Interesting Packets. These packets have a problem with weak
> Initialization Vectors. Some vendors have changed their firmware to
> reduce the # of Interesting Packets. This means that tools like Wepcrack
> and Airsnort are much less effective than they used to be. However,
> there are tools / code out there that can inject Interesting Packets
> into legitimate traffic thus cutting down the time required to derive
> the WEP key. This technique will work whether or not the vendor has
> fixed their WEP implementation.
>
> The tools are WepWedgie http://sourceforge.net/projects/wepwedgie/ and
> reinj.c from h1kari who wrote BSD Airtools (dont have the url handy).
> They increase the number of interesting packets thus decreasing the
> amount of time and number of packets required to derive the key.
>
> And here's some more:
>
> Nick Petroni and Bill Arbaugh have outlined an active attack that
> would give you full access to a WEP encrypted wireless LAN
> without knowledge of the secret key.
>
> It relies on the lack of integrity checks for the wireless packets
> which lets an attacker inject arbitrary packets into the LAN
> without being detected.
>
> The attack does not require you to crack any WEP key and uses
> the fact that WEP wrongly uses CRC for integrity checks, this lets
> an attacker mount an inductive attack to gradually recover additional
> bits of a pseudorandom stream provided that N bytes are initially
> recovered with a known plaintext attack. They cite ARP and DHCP requests
> as effective for this inital recovery. BTW, you don't really need to
> *inject* packets for the inital recovery.
>
> Full description of the attack appeared on:
> "The Dangers of Mitigating Security Design Flaws: A Wireless Case Study"
> Nick L. Petroni Jr. and William Arbaugh
> IEEE Security & Privacy magazine vol1. num 1., January/February 2003
>
> A powerpoint presentation is available at:
> http://www.cs.umd.edu/~waa/wepwep2-attack.html
>
> ---Matthew
>
> P.S. Top posting makes it hard to follow a thread.
>
> P.P.S. Check out securityfocus.com and their security mailing lists, the
> source for this info and lot's more.
June 3, 2004 10:26:08 AM

Archived from groups: alt.internet.wireless (More info?)

Daniel,
Would you please contact me via e-mail at the address below?

Thanks,
--
DaveC
dave [dash] usenet7800 [at] mailblocks.com
This is an invalid return address
Please reply in the news group
Anonymous
June 5, 2004 4:00:47 PM

Archived from groups: alt.internet.wireless (More info?)

Does anyone know of a wireless USB 2.0-compatible print server that would
work with an HP Photosmart 7960? I have just installed Linkysys WRT54GS
wireless router and the two laptops that will access the server both run XP
Pro.

Thanks

Ina
!