Re: [NTLK] WEP vs Airport

From: Darrell Greenwood (lists1_at_telus.net)
Date: Wed Apr 23 2003 - 11:48:21 PDT


On 4/23/03 at 10:23 PM +1000, Jon Wright wrote the following :

>Once again I turn to the collective wisdom of the list. I now have an
>"Orinoco Gold" wireless card in a N2K. I have a white airport (not
>extreme) which is serving ethernet and wireless hosts on the same
>virtual network. My main server is on the ethernet side. For the
>purpose of discussion I also have a laptop on the wireless side.
>
>Picture: Server <Ethernet>Airport<Wireless>Newton+Powerbook

I have the same setup.

>With WEP turned off altogether (on the Newt, Powerbook and the Airport)
>everything works.

Same here.

>Now turn on WEP (40 bit) on the airport, fix the password on the
>powerbook and add a hex key to the Newton. Ain't nothing goin nowhere.

Same thing happens to me using my Silver card (40 bit only).

But if I turn off DHCP in the Newton and manually assign the Newton's
IP address, everything works.

>Try WEP (128 bit) on the airport, fix the password and a new (very
>long) hex key. Now some things work:
> * Connect to NCU/Escale on the powerbook are OK
> * Appletalk search (from the Newton) can see the server and the
>powerbook
> * Connect to the server insists that the machine is not on the network

Interesting. There have been other reports that Gold cards work
better than Silver. You might want to try turning off DHCP in the
Newton.

>Huh? Repeatable. Note that there is no wep key on the server because it
>doesn't know anything about WEP. Note that the powerbook can talk to
>the server with no problems.
>
>Any suggestions would be most welcome.
>
>BTW I used the mac addresses in the back of the orinoco cards to add to
>the restrict list on the airport and it worked! Basically this
>restricts which mac addresses are permitted to attach to the airport -
>I haven't seen this mentioned anywhere else but it works fine.

I also use the MAC addresses in the restrict list.

FWIW, I have been considering getting a Gold card to increase
security. So I have done a bit of research.

It turns out due to a "designed in fault" in the WEP protocol the
Gold card and 128 bit WEP only takes twice as long to crack (we are
talking several million packets and hours in a busy network) as the
Silver with its 40 bits, rather than exponentially increasing the
time required, as it should.

It also turns out that it is even faster to crack Airport's WEP ASCII
password by taking a few packets and brute force cracking them in a
few minutes. This is due to the limited entropy given by ASCII only
passwords. I have switched to random hex passwords.

<http://world.std.com/~reinhold/airport.html>

Cheers,

Darrell

-- 
This is the NewtonTalk list - http://www.newtontalk.net/ for all inquiries
List FAQ/Etiquette/Terms: http://www.newtontalk.net/faq.html
Official Newton FAQ: http://www.chuma.org/newton/faq/


This archive was generated by hypermail 2.1.5 : Tue Apr 29 2003 - 02:30:01 PDT