Encryption key question

Discussion in 'Wireless Networking' started by Joe S., Aug 11, 2007.

  1. Joe S.

    Joe S. Guest

    In another thread, I described a problem I was having connecting to my
    router with security enabled. Thanks to comments by Rick_NJ and an MVP, I
    tried entering a hex encryption key rather than a passcode and that solved
    the problem.

    As I understand it, if I enter a passcode, the system translates that
    passcode -- which, I guess, is ASCII -- into hex and, from that, generates
    encryption keys.

    All I know about hex is that it's a base 16 number system that uses the
    digits 0-9 and letters a-f, thus, hex counts
    0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f,10,11,12,13,14,15,16,17,18,19,1a,1b . . . .
    .. or something like that.

    I found a website (several websites, actually) that generate random hex
    codes for use in wireless security. I used one of these sites -- told it to
    give me a 64-bit WEP encryption key and it gave me a key that looks like
    NNNNNNNNNL ( where N is a digit between 0-9 and L is a letter between a-f).
    I entered that into my router and into my laptops and everybody is happy.

    So -- here are my questions:
    1. I assume I would be safer by telling my router to use 128-bit WPA
    encryption, right?
    2. If I do that, and if I want to make up my own hex encryption key, I
    assume I would make up a key that uses random digits between 0-9 and random
    letters between a-f -- but -- how many characters do I need to make up a
    128-bit string? The string I am using for 64-bit encryption has 10
    characters -- do I need 20 for 128-bit encryption?
    3. After doing this, then, I need to go to my laptops -- which are
    connecting to the router's wireless access point -- and enter the same key,
    plus, tell the laptops to use WPA shared key.

    Finally -- another question -- When I check the LAN tab on the router admin
    application, it tells me that my router will assign IP addresses between
    XXX.XXX.XXX.100 and XXX.XXX.XXX.199. When I look at the admin page that
    shows connected devices, it shows the following:
    -- my desktop with IP address XXX.XXX.XXX.101
    -- one laptop with IP address XXX.XXX.XXX.102
    -- second laptop with IP address XXX.XXX.XXX.103

    If I go into the admin routine and change the allowed IP address range to,
    say XXX.XXX.XXX.100 to XXX.XXX.XXX.103, will this effectively block anyone
    else from trying to connect to my network -- provided, of course, all three
    of my devices are connected?

    Thanks.
     
    Joe S., Aug 11, 2007
    #1
    1. Advertisements

  2. Joe S.

    Barb Bowman Guest

    WEP is unsafe.
    http://msmvps.com/blogs/wifizone/ar...t-s-advice-on-this-one-wep-is-not-secure.aspx

    Use WPA2 or WPA. I wrote some about this in the XP timeframe. See
    the sidebar on
    http://www.microsoft.com/windowsxp/using/security/expert/bowman_wirelesssecurity.mspx
    (you have WPA2 out of the box with Vista).

    If you use WPA2/WPA, the chances of someone attaching to your
    network by breaking your encryption are miniscule or non existent if
    you use a strong random WPA key that isn't going to be easy to find
    with a "dictionary attack", and restricting the IP range would not
    really be needed. There probably is nothing stopping an intruder
    from configuring a different IP as a static and gaining access if
    they break your WEP key.

    --

    Barb Bowman
    MS Windows-MVP
    http://www.microsoft.com/windowsxp/expertzone/meetexperts/bowman.mspx
    http://blogs.digitalmediaphile.com/barb/
     
    Barb Bowman, Aug 11, 2007
    #2
    1. Advertisements

  3. Hi
    The problem of the translation form pass phrase to Hex String is a WEP
    problem.
    WPA and WPA2 should be OK.
    Many WPA systems do not even have a menu entry for Hex string and you have
    to use pass phrase.
    So use WPA with a nice pass phrase and take it easy.
    This page helps with pass phrases,
    http://www.microsoft.com/protect/yourself/password/create.mspx
    If you must use WEP, generate the Hex string in the Router from a good pass
    phrase and then copy the resultant Hex string to the Wireless client.
    http://www.ezlan.net/faq.html#wep
    Jack (MVP-Networking).
     
    Jack \(MVP-Networking\)., Aug 11, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.