[jlo mein]

I currently own a Lynksys WRT54GS wireless router running the latest firmware. Before today, I had the wireless security set to WPA2 Personal TKIP+AES, with a 15 character randomized access key.

I recently bought a Sony PSP and was trying to get it to work properly with the network. I think I have finally figured out that the PSP does not like WPA2. What I now have my security set to is the normal WPA Personal TKIP. I still use a 15 character randomized access key.

What I would like to know is if I am going to lose a lot of security over my wireless connection by switching from WPA2 Personal TKIP+AES to WPA Personal TKIP?

thanks

 

[JaGWiRE]

Quote:

Originally Posted by jlo mein I currently own a Lynksys WRT54GS wireless router running the latest firmware. Before today, I had the wireless security set to WPA2 Personal TKIP+AES, with a 15 character randomized access key. I recently bought a Sony PSP and was trying to get it to work properly with the network. I think I have finally figured out that the PSP does not like WPA2. What I have have my security set to is the normal WPA Personal TKIP. I still use a 15 character randomized access key. What I would like to know is if I am going to lose a lot of security over my wireless connection by switching from WPA2 Personal TKIP+AES to WPA Personal TKIP? thanks

Relax dude, WEP is the only thing really unsecure and easily crackable. WPA is fine, regardless of it's 1 and 2 imho.

 

[cire]

Quote:

Originally Posted by JaGWiRE Relax dude, WEP is the only thing really unsecure and easily crackable. WPA is fine, regardless of it's 1 and 2 imho.

quite a bit of an overstatement... yes it is crackable, but its certainly not easy. you're making an assumption that everyone around you is in fact a linux junky who's out to hack the world....

 

[JaGWiRE]

Quote:

Originally Posted by cire quite a bit of an overstatement... yes it is crackable, but its certainly not easy. you're making an assumption that everyone around you is in fact a linux junky who's out to hack the world....

Well, it isn't really difficult It's not like your beginning to work with a prime number, way easier then that. Cryptography rules

. Even with WEP I would say your fine though, seriously, few people would spend the time to load up linux and begin airsniffing away.

 

[grawk]

WEP and WPA-TKIP are both equally crackable. About 2 hrs with an active connection. Don't stress it though, unless you're doing something vital with it. If you're concerned, just authorize based on mac addresses.

 

[cire]

Quote:

Originally Posted by grawk If you're concerned, just authorize based on mac addresses.

getting around that is even easier than cracking WEP/WPA

 

[jlo mein]

Quote:

Originally Posted by grawk If you're concerned, just authorize based on mac addresses.

On top of my WPA TKIP I also only allow access to MAC addresses I input (currently just my laptop and PSP wirelessly, then a couple desktops).

Should I look into trying to limit the range on my router? My laptop has an Atheros card that gets great reception to networks around the neighbourhood, however my PSP sometimes barely connects to my home network.

The reason why I don't use WEP encryption is apparently it slows down your transfer rates.

 

[grawk]

You're apparently concerned. Is there a reason why you're concerned? You could always do what we do at work. We use WPA2 with 802.X authentication using SecurID one time pads. Or you could do what I do at home. Nothing.

 

[JaGWiRE]

Quote:

Originally Posted by grawk You're apparently concerned. Is there a reason why you're concerned? You could always do what we do at work. We use WPA2 with 802.X authentication using SecurID one time pads. Or you could do what I do at home. Nothing.

Yeah, no reason to worry. Seirously, the chances of somebody going and trying to hack your network (depending on if you live near a bunch of hotels or big city or something) is pretty low.

 

[Elec]

I'll agree with that. Unless somebody is after you specifically, having ANY wireless encryption on your link is probably enough to make the wardriver move along another two blocks to a completely open AP.

 

[star882]

Quote:

Originally Posted by jlo mein The reason why I don't use WEP encryption is apparently it slows down your transfer rates.

That's a myth. The only encryption scheme that actually slowed anything down by much was WPA TKIP.

 

[JaGWiRE]

Quote:

Originally Posted by Elec I'll agree with that. Unless somebody is after you specifically, having ANY wireless encryption on your link is probably enough to make the wardriver move along another two blocks to a completely open AP.

Yup, the only time I'de be worried was if I was running some very top-secret / private processes, and others knew about it / where I live, but still, for the average user, you don't need to be paranoid. If you want to keep your neighbors out of your network and wardrivers away, encryption of any sort should be fine.

 

[Stephonovich]

All wireless transmissions carry with them a certain amount of insecurity. It's all a matter of layering. As has been stated, most any hurdle will send wardrivers packing. Personally, I use WPA (v1, as a legacy WNIC I have doesn't support v2) with a 49 alpha/numeric/symbol character key (which is suprisingly easy to remember). I seriously doubt anyone would bother attempting to break it, or even access it for that matter. It's more or less a toy for me to play with.

If anyone is seriously interested in wireless security, I suggest reading Wi-Foo. Great book, although fairly technical. Covers the gamut from WEP to RADIUS, and on both sides of the war - defending and attacking.

 

[acs236]

I'm been through so many routers the past couple years, with varying features. The security I like the best is to limit access to certian MACs -- but not all models support that.

 

[gevorg]

Additionally, you can also limit the max. number of computers to whatever the number you usually have turned on. Use common sense by deciding what to share over the network (no C:\Windows, etc.)

And if you have any sensitive information just use some external crypto security software. Those are practically impossible to crack, unless its done by the government, and if the gov'ernment is after you...well, they'll find a way