WEP really needed?

-=X=-Factor

I have a wireless router at home that I use for my wired home network and one laptop wirelessly. I don't do anything on this laptop that I need to "hide" from hackers and packet sniffers and stuff. I already locked down the MACs so nobody can get on my network except the PCs already on it (I hope).

I hear that WEP slows down the connection because of its function and was just wondering if I even need it enabled for this one laptop that I just do light web surfing on.
 
-=X=-Factor said:
I have a wireless router at home that I use for my wired home network and one laptop wirelessly. I don't do anything on this laptop that I need to "hide" from hackers and packet sniffers and stuff.

What you have to hide is a laptop (computing power) and a high speed net connection. The data on your machine is trivial compared to what someone can do with it. Also, once on the wireless network, access to the wired network is fairly simple to obtain.

I already locked down the MACs so nobody can get on my network except the PCs already on it (I hope).

MAC filtering is trivial to bypass. Set up WEP or better yet use WPA.

I hear that WEP slows down the connection because of its function and was just wondering if I even need it enabled for this one laptop that I just do light web surfing on.

Even with encryption on, your wireless connection will continue to be faster than your net connection, with some rare exceptions.
 
Set up WPA. So easy to take advantage of weak-sauce no-encryption networks and even WEP networks. At least WPA/2 with AES will bug snoopers a bit more.
 
Depends where you live, or use your computer, also. BTW, WPA has less overhead than WEP...so less of a performance hit, not to mention easier to set up, and more secure.

But back to if you need security or not...what is surrounding you? If you live in an apartment complex, condo complex, or some other "dense" housing with lots of mixed age and..possibly questionable people around..then "yeah". If you live at the end of some dead end dirt road in the middle of the sticks...then "who cares".
 
YeOldeStonecat said:
Depends where you live, or use your computer, also. BTW, WPA has less overhead than WEP
Correct me if I'm wrong, but WPA is WEP on crack. Keys generated every x seconds based on passphrase. These are the actual encryption keys, so they could be called the WEP key for that session.

So I would think it'd have more overhead, due to changing keys and handshaking the new one.
But back to if you need security or not...what is surrounding you? If you live in an apartment complex, condo complex, or some other "dense" housing with lots of mixed age and..possibly questionable people around..then "yeah". If you live at the end of some dead end dirt road in the middle of the sticks...then "who cares".
It's always "yes". As has already been pointed out, it's not what data you have so much as the resources that are available. Even if you are in the middle of nowhere, it's worth it.

Primarily because WPA is so easy to set up.
 
I believe you are thinking of WPA Radius where keys are received via a server.

However normal WPA encryption with a nice juicy password from www.grc.com/passwords will keep you very secure, and I haven't noticed a performance hit at all.
 
XOR != OR said:
Correct me if I'm wrong, but WPA is WEP on crack. Keys generated every x seconds based on passphrase.

So I would think it'd have more overhead, due to changing keys and handshaking the new one.


I never cared enough to look at the "behind the scenes what's happening"...but I've read in numerous credible sources that WPA doesn't have the performance hit of WEP.
 
Wasn't there a big deal in Wifi News about a year back about WPA actually being easier to crack than WEP? Something about 15 min. keeps popping up in my memory...
 
-=X=-Factor said:
I have a wireless router at home that I use for my wired home network and one laptop wirelessly. I don't do anything on this laptop that I need to "hide" from hackers and packet sniffers and stuff. I already locked down the MACs so nobody can get on my network except the PCs already on it (I hope).

I hear that WEP slows down the connection because of its function and was just wondering if I even need it enabled for this one laptop that I just do light web surfing on.

Since there are a lot of people with the same reasoning you have, I can access a lot of different "networks" in my apartment complex. It's scary how many people will buy a wireless router and not bother to secure it at all. I've seen up to twelve wireless networks at one time from my apartment and at least seven or eight of them were unsecured. Just think of what you could do with that.

Besides, if the only thing you are doing with the lappy is light web surfing, why are you worried about the extra overhead from a security measure? It would never even come into play.

 
Nate7311 said:
Wasn't there a big deal in Wifi News about a year back about WPA actually being easier to crack than WEP? Something about 15 min. keeps popping up in my memory...

Not easier...it can be cracked...but far as I know....it's not easier than WEP. I've read there are tools which can grind into WEP within a matter of minutes...if not one minute. I believe WPA takes a bit longer to grind into...depending upon how long your passwords are. With brute force, or dictionary attacks..the time needed..depends on the password...and complexity.
 
I guess running WPA2 in conjunction with MAC filtering and the usual methods plus a RADIUS server would be "best", but for most SOHO apps, WPA/2 + MAC filtering/basics is usually enough.

Of course, that's all moot if you never bother to secure the damn router/access point in the first place.
 
Nate7311 said:
Wasn't there a big deal in Wifi News about a year back about WPA actually being easier to crack than WEP? Something about 15 min. keeps popping up in my memory...


I think you have it backwards. I've heard relative n00bs can crack WEP in 15 minutes. That was a while ago before WPA became the dominant choice.
 
So MAC address filtering can be spoofed, WPA/WEP can be cracked... what else is there?
 
WPA can only be cracked with a dictionary attack. And with a good password it will take an unconceivable amount of time to come up with. That's why you need to use a good password.

The process:

Hacker captures x amount of packets from your traffic.

Proceeding that, offline, the hacker uses programs that brute-force dictionary attack the packets, until it gets the right password.

After that the hacker goes online, with your password, and can connect.

This is why WPA cannot be cracked within a reasonable amount of time with a good password.
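
What makes each guess in the offline attack described above expensive, and why passphrase length decides the outcome, as an added example that is not part of the original post: WPA-PSK derives its 256-bit key from the passphrase and the SSID with PBKDF2-HMAC-SHA1 at 4096 iterations. The guess rate of 100,000 per second, the function names and the sample policies are assumptions made for illustration.

```python
import hashlib
import math

PBKDF2_ITERATIONS = 4096           # fixed by the WPA/WPA2-PSK key derivation
SECONDS_PER_YEAR = 365.25 * 24 * 3600
ASSUMED_GUESSES_PER_SECOND = 1e5   # assumption: illustrative offline guess rate


def wpa_psk(passphrase: str, ssid: str) -> str:
    """Return the 256-bit pre-shared key (hex) that WPA-PSK derives.

    The SSID is the salt, so the same passphrase gives a different key on
    a differently named network, and every guess costs 4096 HMAC-SHA1 rounds.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), PBKDF2_ITERATIONS, 32)
    return key.hex()


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a passphrase chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try every candidate at the given guesses per second."""
    return 2.0 ** bits / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # "password" / "IEEE" is the PSK test vector published with IEEE 802.11i.
    print("PSK for 'password' on SSID 'IEEE':", wpa_psk("password", "IEEE"))
    # Constructed sample passphrase policies, not taken from the thread.
    policies = [("8 lowercase letters", 8, 26),
                ("12 mixed-case letters and digits", 12, 62),
                ("63 printable ASCII characters", 63, 95)]
    for label, length, alphabet in policies:
        bits = keyspace_bits(length, alphabet)
        print(f"{label}: {bits:.1f} bits, {years_to_exhaust(bits):.3g} years")
```

The entropy figures hold only for passphrases picked at random; a word that appears in a dictionary falls to the first few guesses regardless of its length.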
 
I've read that the fastest way to crack WEP or WPA is to force a deauth, then capture the reconnect packets. If you pick them all up, you can decode the key pretty easily. That's if it's running WPA-PSK. If you have WPA with a radius server, then the key will change quicker than most people could get some 'work' in.

If you're really that paranoid about wireless security, run a VLAN. It has crazy overhead (unless you enable compression and you just so happen to transfer only text), but you can use a form of EAP to protect your data. That in conjunction with WPA2, and you're fairly well covered (at that point, only the most persistent hackers would stick around for your network).
 
F1xxer said:
I think you have it backwards. I've heard relative n00bs can crack WEP in 15 minutes. That was a while ago before WPA became the dominant choice.

When I moved into my apartment and I needed internet before my cable company hooked it up, I broke out my lappie, and had access in 8 minutes, testing at my home, I broke 128bit in 10 minutes and 64bit in a little over a minute
 
AtomicFire said:
When I moved into my apartment and I needed internet before my cable company hooked it up, I broke out my lappie, and had access in 8 minutes, testing at my home, I broke 128bit in 10 minutes and 64bit in a little over a minute
WEP security is less dependent upon its bit-length (unless you're doing a brute force attack). Weak IVs are weak IVs, no matter what the coding is.
 
Oneos said:
WPA can only be cracked with a dictionary attack. And with a good password it will take an unconceivable amount of time to come up with. That's why you need to use a good password.

So, as usual with wired internet/LAN security... change your passwords once in a while, and use a mix of numbers and letters. Hmm, sounds simple... too simple.
 
My understanding is that modern hardware skips the weak IVs, making traditional WEP cracking no longer effective.

I can offer circumstantial evidence in that during my home testing, even with deauth floods, collecting "interesting packets" was VERY slow. I think the target for the attack was like 50,000 and I was getting maybe 5 a minute...
-PHiZ

So has anyone done a weak IV attack on modern 802.11 hardware, and had it be successful?
 
bob said:
So, as usual with wired internet/LAN security... change your passwords once in a while, and use a mix of numbers and letters. Hmm, sounds simple... too simple.

Yep, and that's why I suggested www.grc.com/passwords. This was created by Steve Gibson, and has to be the best password generator you'll ever find. His servers crunch many different factors which always increase and never decrease (e.g. his birthdate, current day, moon's alignment), and use them to create these very strong, long, and very random passwords. The same password is never generated twice, and the page will never be cached by a proxy or similar because the page has a certificate which says it expired in 1999.
 
Malk-a-mite said:
WEP is based on a flawed encryption formula.
WPA hasn't yet been proved insecure.

I'd like to learn more about this, can you provide any linkage that describes the problems with WEP or details either of the two?

Thanks
 
Techx said:
I'd like to learn more about this, can you provide any linkage that describes the problems with WEP or details either of the two?

Thanks

I should restate the original comment - WPA2 with a sufficiently long key hasn't been found insecure yet.

http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

This is a less in-depth view of all the major encryption options for wireless and the good and bad points.
http://www.datapro.net/techinfo/wifi_secu.html

Somewhere I have a link to a white paper on WPA .... I'll see if I can dig it out.
 