Site Totals

61162 Questions Answered 267 Categories

Changing WEP key to enhance security

Hi - new user, very happy to have broadband and wireless internet at last. Following question is addressed in a number of previous posts, but I'm still not clear on what can and should be done.

Reading here and elsewhere, it seems that the supplied WEP key can easily be derived from the SSID. (I tried and on-line program, and it delivered the correct 64-bit key from my modem's SSID.) So I'd like to pick a new PW. A few questions:

- Can I use any string of any length? A post here says the longer the better - but doesn't the system only recognize a certain ASCI password length?

- Do I just enter this new key into the router and each portable device, or do I have toget it accepted by Vz home or some other system component?

- Is there any risk of botching things past recovery if I just change that one line in the settings?

I've read a few articles on wireless security, and am having trouble understanding the differences. Is WEP the best option for a normal home user, or are others better? Not asking anyone here to write an essay; pointers to layman-friendly reviews or other web pages would be much appreciated.

Thanks in advance for help from more experienced users.

-Landscaper

Comments

mattheww50

1). The WEP password on the Actiontec is limited to 64 bits or 128 bits (your choice), That can either be a character string (that strangely enough is less than 8 characters, 5 characters for 64 bit, 13 for 128 bit IIRC), or 16/32 hexadecimal 'digits'. Generally longer passwords are better than shorter ones because shorter ones are easier to guess. Actual words are easier to remember than a string of 16/32 hex digits.

2). WEP is probably more than adequate for home networks. You aren't transferring billions of dollars, and the traffic on the network isn't vast. The main issue with WEP is that given enough wireless traffic, it is possible to extract the WEP key. This is not something that the casual user would do. The general idea of WEP on a home network is to keep the neighbors from using your network, or seeing the data. WPA is more secure because it isn't a fixed key. It is a lot more work to break the WPA encryption than the WEP encryption.

In general, anyone with sufficient resources to easily break the WEP key, probably also has sufficient resources to break into a WPA network as well. Neither is going to keep the KGB or the NSA from reading your wireless traffic. Either will keep out the casual snooper or freeloading neighbor.

Yes you can change just the WEP key, but as long as you are there, there is no reason not to change the SSID. You can improve the security however by not having your network broadcast the SSID.

The only thing you can mess up by playing with the WEP key and the SSID is the wireless network. Since you set it up from a wired connection, you cannot lock yourself out of the router by playing with the wireless setting.

You just enter the Key into the router, and usually into the wireless devices the first time you connect. Windows generally remembers the network key, at least for a while. You don't need permission from Verizon or anyone else, nor do you need an expert to do it.

Worst case if you really screw things up, there is the reset button, and that takes the router back the configuration it was in when you opened the box.

hope that is helpful

Landscaper

Thanks, mattheww50, for a detailed and clear reply. I'll try it tonight. I'm not sure I understand the PW length point - does anything longer than 5 or 8 characters get truncated, or does it still somehow add to un-crackability?

You're quite right abouyt the required security level. I rarely handle billions of dollars at home (or anywhere else), and the NSA is welcome to anything it finds here. I don't even mind access "theft" as long as it doesn't slow me down too much. It's the drive-by file access or trojan installation that scares me. I've mostly left wireless turned off, but would like to use it more.

Thanks for the info on the reset function. For some reason, this wasn't mentioned at installation, and it's good to know. Panic buttons are always appreciated...

-Landscaper

mattheww50

When you set up the network, you get to decide if you want 64 bit or 128 bit encryption.

That decision in turn determines whether the password is 5 or 13 characters.

(Any characters you don't fill in, will be set to Blanks). The setup software won't let you enter any more characters for the encryption key than the key can support. So not only wouldn't more characters not increase the security, it won't let you enter them anyway.

The reality is in the 64 bit key you only get to pick 40 of the bits, and in the 128 bit key you only get to pick 104 bits. These limits are actually determined by US export control laws which treats encryption equipment as weapons of war.

The remaining 24 bits of the key are known to the manufacturer, and the US Government. For export purposes that reduces the encryption to 40 bits, which is the maximum permitted for unrestricted export use.

cjacobs001

Isn't there also something about not going past a certain letter in the alphabets? (I may be a bit confused here.)

Child Item