Solved

Wireless Card Can't connect to WPA Encrypted network

Posted on 2008-10-17
13
1,781 Views
Last Modified: 2013-11-09
Have several people with older laptops trying to use my WPA Encrypted Wireless network (Linsys Wireless G).  Their laptops don't seem to connect to WPA networks, only un-secured or WEP network.  I don't want to change my network to WEP or Unsecured for the sake of a smaller group of users.  Other than asking them to purchase a new network card or a new PC, I can't come up with a solution.

I've heard that there are workarounds.  I know one of the users has a 3 year old Sony Viao and 4 of them have dell latitudes c510 and c610.  Drivers for both systems on the manufacture website are about 5 years old and I don't think install that version driver will help.  All systems have Windows XP with at least Service Pack 2.  I've contacted both Dell and Sony and haven't gotten much from them, outside of using some Network WCC Manager program that I can't find.  Do you guys have a better solution?
0
Comment
Question by:flaco01
  • 5
  • 5
  • 2
13 Comments
 
LVL 3

Expert Comment

by:sullivanr6
ID: 22746317
the card must support WPA natively or it simply wont work. It has nothing to do with the driver that instructs the cart how to operate. I has to do with the actual hardware on the chip itself. If the Wi-Fi card doesn't support WPA, then WEP or MAC address filtering is your only option.

J
0
 
LVL 44

Expert Comment

by:Darr247
ID: 22749007
Actually, an updated driver SHOULD make them support WPA.
It's WPA2 that can often not be upgraded to with just a new driver.

The original WPA is just WEP with a password that changes every so often using Temporal Key Integrity Protocol (TKIP), and any card that had the WiFi logo on it had to be able to upgrade from WEP-only to WPA with just a driver update. Your data isn't really any more secure using WPA than WEP, because the password is still included in every packet (just like WEP).
If a hacker gathers enough packets (5-10 minutes worth) they can break the RC-4 encryption and decode your data. They cannot use that method to reverse engineer the original password, though... the original password plus a NONCE is used to generate encryption vectors that are then used to compute the key used for encryption (and what it morphs to with each variation) - ergo, your connection is secure with WPA.

WPA2 usually needed a hardware upgrade on the cards because it uses AES encryption which requires more horsepower to encode/decode on the fly. Very-few pre-WPA2 wireless cards had a processor powerful enough to handle that extra load.
WPA2-AES does not include the passphrase with every packet so there are no clues to use for cracking it. The only crack it's susceptible to is brute-force dictionary cracks, mitigated 'live' by routers/APs breaking the connection with clients that present the wrong passphrase during authentication, though they can still gather packets and try to brute force them... I've never heard of AES encryption made using a 'random' (non-dictionary) 10+ character passphrase being broken, though.
0
 

Author Comment

by:flaco01
ID: 22749434
Sullivan, it's not the chipset, that I'm pretty sure about. Darr, the manufactures haven't created updated drivers for these types of card since 2003/2004. I checked that already.  Dell & Sony machines are the one's I'm finding with that issue and not only have I checked their website, but I spoke to their reps.  A Sony rep told me about a third party driver that I could use, but I can't find it and didn't bookmark the page.  
0
 
LVL 44

Expert Comment

by:Darr247
ID: 22750989
On the Dells, the Latitude C510 and C610 only ever came with a TrueMobile 1150 Mini-PCI internal, which is an 802.11b card. You could try helping them upgrade to a TrueMobile 1300 or 1350 (11g).

Here's the relevant page (for both the C510 and C610) in the service manual:
http://support.dell.com/support/edocs/systems/latc610/sm_en/upgrades.htm#999869

And sample sources e.g.
TrueMobile 1300
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=220288362789
TrueMobile 1350
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=350111624330
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=170269525313
All of those are $15 or less, and the one that's $15 includes free shipping.

I would not get a TrueMobile 1400 or 1450 as those are dual-band cards and I'm pretty-sure those laptops wouldn't have a 5GHz antenna, so they might burn out the 11a radio driving it through the wrong load. If I recall correctly the 1390 and 1490 cards are mini-PCI express cards and won't fit the 510/610's mini-PCI slot. But either the 1300 or 1400 should fit and work well in those.

1300 Manual - http://support.dell.com/support/edocs/network/p54164/en/index.htm
1350 Manual - http://support.dell.com/support/edocs/network/p70008/en/index.htm

1300 HTML Documentation A00 - http://ftp.us.dell.com/network/R69824.EXE  (18MB - 1.0)
1300/1350 HTML Docs A03 - http://ftp.us.dell.com/network/R69806.EXE   (17MB - 3.0a)

1300/1350 Install A02 - http://ftp.us.dell.com/network/R74092us.EXE  (11MB - 3.40.66)

1300/1350 Drivers A06 - http://ftp.us.dell.com/network/R94827.EXE (16MB - 3.100.35.1)
1300/1350 Drivers A07 - http://ftp.us.dell.com/network/R102320.EXE  (26MB - 3.120.27)
1300/1350 Drivers A08 - http://ftp.us.dell.com/network/R65194.EXE   (5MB - driver only - 3.20.23)
1300/1350 Drivers A09 - http://ftp.us.dell.com/network/R115321.EXE  (48MB - 4.10.40.0)

1350 Drivers A10 - http://ftp.us.dell.com/network/R140747.EXE  (52MB - 4.100.15.5)
1350 Drivers A14 - http://ftp.us.dell.com/network/R151519.EXE  (52MB - 4.100.15.5)

Run the Install file first because it might recognize the card and install it correctly even though the C510/610 never came from Dell with those cards. Then step up through the updates... A06, then A08 (the driver-only package, whether A06 installs or not), and A10 or A14 for the 1350 (I suspect those two actually contain the same driver files, anyway).

If you decide to help them upgrade to 11g and you're unable to install the latest driver updates, post back here and I'll detail the process. Last time I typed the process all in first and the update files installed for the asker without a hitch so they didn't need the extra detail... but I'll be happy to explain how to update the drivers using Device Manager if there's a problem with the autoinstalls.
0
 
LVL 3

Expert Comment

by:sullivanr6
ID: 22751010
My apologies, but device firmware and device drivers are not the same. Regarding horsepower, Im pretty sure that computing algothrims have nothing to do with processing power.

&something just doesnt make sense, are WPA and WEP that similar& they use different key authentication protocols, but is the actually encryption the same? Im pretty familiar with the aircrack suite and this just doesnt make sense. Can someone please provide some links backing this up???
0
 
LVL 3

Expert Comment

by:sullivanr6
ID: 22768431
...alright, no one interested in this thread???

Darr: "Actually, an updated driver SHOULD make them support WPA.
It's WPA2 that can often not be upgraded to with just a new driver."

...that is simply incorrect. regarding driver updates to support WPA (from a native WEP card)
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 44

Expert Comment

by:Darr247
ID: 22769657
> ...that is simply incorrect. regarding driver updates to support WPA (from a native WEP card)

WPA is WEP + TKIP, so I'm afraid your assertion that it's not possible to do with a driver update is the 'simply incorrect' part.

Please show me a card with the WiFi logo on it that cannot be upgraded from WEP-only to WPA with a driver update. Because that was 1 requirement in order to use the WiFi logo on them.
0
 
LVL 3

Expert Comment

by:sullivanr6
ID: 22769707
why isn't WEP mentioned in this article???

http://en.wikipedia.org/wiki/PBKDF2

...and i will find you a card with the Wifi Logo, that can't be upgraded with software drivers :)

do you disagree with my previous statement: "device firmware and device drivers are not the same"????
0
 
LVL 44

Expert Comment

by:Darr247
ID: 22774071
> why isn't WEP mentioned in this article???

Because you're looking in the wrong article - see http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
PBKDF2 is how they generate the encryption vectors which are then used (in WPA) with an incrementing WEP-encrypted [RC-4] password that's included in every packet of the payload.
0
 
LVL 3

Expert Comment

by:sullivanr6
ID: 22778212
thanks Darr, that article has our answer...

The protocol certified through Wi-Fi Alliance's WPA program (and to a lesser extent WPA2) was specifically designed to also work with wireless hardware that was produced prior to the introduction of the protocol which usually had only supported inadequate security through WEP. Many of these devices support the security protocol after a firmware upgrade. Firmware upgrades are not available for all legacy devices.

The last part is my favorite, funny how drivers arent mentioned at all.

Darr, please stop trying to defend your incorrect position;

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access
under HARDWARE SUPPORT
0
 

Author Comment

by:flaco01
ID: 22815972
I'm still a little confused, but maybe I need to read all those references you guys put up.  Give a little to catch up.  Been busy as heck with miles of other problems.  Two that I've about to post now..
0
 
LVL 44

Accepted Solution

by:
Darr247 earned 100 total points
ID: 22817686
On the computers that can't seem to connect, try typing out the passphrase in Notepad so you can double-check that the case is correct all the way through (WEP keys entered in HEX were not case-sensitive, but WPA/WPA2 keys are), that no l/I/1,O/0,or rn/m type of mistakes are being made, then delete the wireless network profile (in Preferred networks on the Wireless Networks tab if using WZC) and copy / paste the passphrase from Notepad into the key field when prompted for it.
 
 
Then, here are some more links to peruse, with pertinent quotes to look for:
 
http://www.pcmag.com/article2/0,4149,1277020,00.asp
" WPA is designed so that legacy wireless hardware can be upgraded via drivers, but with the product cycles of wireless gear being about six months, most manufacturers do not provide WPA upgrades for legacy products."
 
http://www.lanarchitect.net/Articles/Wireless/SecurityRating/
 "If they have WEP only devices, check with the vendor to see if there are any firmware and/or driver updates that will upgrade the device to WPA mode."  
 
http://itmanagement.earthweb.com/article.php/3576421
" What about upgrading existing WEP-based gear?
End users are advised to check with access point and network card vendors to verify that the drivers or firmware are compatible with 802.11i or WPA. Generally speaking, products more than two years old may not be compatible." and ''AES requires processing power on the AP and client that may not be present to have a satisfactory experience in terms of output,''


 
http://www.wi-fi.org/files/wp_9_WPA-WPA2%20Implementation_2-27-05.pdf
"WPA was designed and has been scrutinized by well-known cryptographers. It can be implemented immediately and inexpensively as a software or firmware upgrade to most existing Wi-Fi CERTIFIED" access points and client devices with minimal degradation in network performance."
 
As you can see by those articles, many wireless cards CAN be upgraded from WEP to WPA with just a driver update. And yes - AES requires more 'horsepower' or processing power than WEP/WPA's RC4 encryption.

Be aware that anyone who desires can logon and edit wikipedia articles to say anything they want. If you're relying on factoids from wikipedia maybe you should note their source cites, and confirm them before making statements about standards contrary to facts stated in publications from the people who actually wrote the standard (e.g. wi-fi.org).
 
Even Steve Gibson acknowledged back in 2005 that WPA's TKIP'd RC4 encryption is crackable, AND that AES takes more processor power than RC4 - have a listen - http://media.grc.com/sn/SN-013.mp3 - it also talks about the virtual rootkit-backdoor sony's DRM CDs put on people's computers if they had autorun enabled and agreed to a EULA thinking they were just OKing the playing of multimedia files that were on the CDs... but it's mostly about WEP vs WPA vs WPA2 (and discusses RADIUS vs single passphrase as well), and they also mention that some devices may be upgradable with just a driver update.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now