Your safety with WPA2 varies a bit based on the protocol used (TKIP or AES). TKIP uses WEP mechanisms, and you maintain that WEP exposure if you use it with WPA2. For true WPA2 security, you need to use AES.
The configuration of some devices is deceptive when it lets you use WPA2 with TKIP. -- ME2 On Fri, May 21, 2010 at 2:53 PM, Murray Freeman <[email protected]> wrote: > Ben, that explains things better. My password is 15 characters long > withalpha, numbers and special characters, so I guess I'm reasonably > secure. > > Thanks for the explanation > > > Murray > > > -----Original Message----- > From: Ben Scott [mailto:[email protected]] > Sent: Friday, May 21, 2010 4:47 PM > To: NT System Admin Issues > Subject: Re: script SSID for wireless configs > > On Fri, May 21, 2010 at 3:27 PM, Murray Freeman <[email protected]> > wrote: > > So you are telling me that there are tools that can see something that > > > isn't being broadcast? > > It's still being broadcast. > > Normally, a wifi AP periodically transmits a "beacon frame" > containing the SSID. Member nodes continuously listen for beacon > frames. By doing so, they build up that list of local wifi networks. > You have told your AP not to transmit those beacon frames, so you won't > show up in said list. > > But in order to participate in a wifi network, member nodes must > locate and associate with your AP. That is done in the clear. For > example, suppose your network is named "ALANET". Your laptop has to > first ask, "Are you there, 'ALANET'?" Your AP will then say, "Yes, I am > 'ALANET'." They then proceed to negotiate encryption. > > All wifi receivers in the area will get those transmissions. > Normally, other nodes will ignore your transmissions as unrelated. > But sniffer tools will show the contents of those frames, or even > present a list of them. > > On Fri, May 21, 2010 at 3:47 PM, Murray Freeman <[email protected]> > wrote: > > ... the rest of the neighborhood are broadcasting and several use > > their family name. I'm going to assume that they would tend to draw > > the hackers more than my "unknown" wifi, and most of them are WPA > whereas I'm WPA2. > > That depends. For someone just looking for a free Internet > connection, yes, they will prolly go after the open networks. But some > people see things like a so-called "hidden SSID" as a challenge. > It's more "fun" to go after such targets. > > I am told that WPA2 is generally regarded as cryptographically strong, > though. So unless there's some kind of unpublished attack happening, > you're probabbly in good shape. Unless you have a weak secret, of > course. If your WPA2 key is something like "password", "swordfish", > "12345", "letmein", or your SSID, then you could be in trouble. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
