Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1805
  • Last Modified:

wpa2-psk unavailable

My laptop uses D-link Air DWL-650 wireless network adapter. Os win xp sp3.
I've configured my wireless router to use wpa2-psk, but unable to find that option on the laptop when configuring the network - only wpa-psk is available (besides wep, wpa, and other stuff).
I can use wpa-psk but prefer wpa2-psk.
I have two questions:
1) How can I get this option available on the laptop (I thought sp3 should include it already)?
2) Does it worth the effort?

Thanks.
0
drory
Asked:
drory
  • 3
  • 3
1 Solution
 
rootforceCommented:
Are you using windows to configure your wireless network card or the manufacturers tool?
0
 
droryAuthor Commented:
I'm using windows.
0
 
Darr247Commented:
The hardware needs to support WPA2. Any device with the WiFi logo had to be upgradable from WEP to WPA with just a driver update, but WPA2's AES encryption typically needs heftier processing than WEP and WPA's RC-4 encryption required.
Some were able to add AES encryption to WPA, too... and even though AES is practically unbreakable (if using a truly random password to prevent dictionary cracks), it still adds overhead by including the password in every packet (WEP and WPA's RC-4 encryption, on the other hand, can be broken by collecting just 5-10 minutes worth of packets using aircrack, et al).

And I can't recall any 11b-only cards that supported WPA2, btw.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
droryAuthor Commented:
Darr247 thank you.
So just to complete the big picture, is it true that WPA-PSK with AES has the same security problem as WPA AES (without PSK)?
0
 
Darr247Commented:
PSK = pre-shared key. That's as opposed to enterprise or 802.1x, which authenticates using certificates or username/password unique to each user (e.g. via IAS/RADIUS server).

To what security problem are you referring?
0
 
droryAuthor Commented:
Is it possible to crack WPA-PSK AES in 5-10 minutes as regular WPA AES?
0
 
Darr247Commented:
Not yet, no.

If Moore's Law holds true and computer processor power continues doubling approximately every 18-months, in about 100 years you should be able to build a distributed computing project using a few trillion (that's 12 zeros here in the US) computers and be able to crack 128-bit AES in only a few days.

If you have something that says AES has been cracked, I'm not the only one that would like to see it. :-)

It's WPA-TKIP that can be cracked (to expose the encrypted data, not reverse engineer the original passphrase) by gathering only 5-10 minutes of packets... that's RC-4 encryption, not AES.... then you would need to repeat those steps (gather, break, decrypt) every time the password is incrememented along the vectors. Still, it means your data is not ''secure'' (if you desire your data to be ''secure'') when using WPA-TKIP... note that WPA-AES is NOT part of the WPA 'standard' and not all devices support it. ''WPA'' is WEP + TKIP, and was a quick fix to shore up security until WPA2 could be implemented. If you have devices that don't support WPA2 (or at least WPA-AES), I recommend replacing them, chopping the gold-plated conductor tabs off for reclaim, then recycling the rest of the pieces. But even version 1.0 of WRT54G (that's pre-Cisco) and WRT54GS wireless routers support WPA2 with a firmware update, so they would need be fairly ancient devices, in computer-hardware terms, to not support WPA2.

Now, if for a password you use your name, or your mother's name, or anything/anyone's name, or any word in any-language dictionary, that makes a brute-force crack much more likely (no matter what encryption method is used), and you're not serious about security.
Personally, I use the (128-bit) MD5 hash of a word and add a few numbers to it that are significant to me, to make a 36-character pseudo-random password that's easily recreatable (I have a free MD5 generator on all my computers and if you google MD5 Generator you'll see how ubiquitous they are). So if you'd like to break into my WLANs or decrypt packets captured from them, there - I've given you a head start... There are only 1.532 x 10^54 possible combinations if you limit your guesses to passphrases consisting of 32-place HEX-character + 4-place 0-9 character - have at it.  :-)

Here's a quote from the Technoracle (http://technoracle.blogspot.com), blogging about AES:
To give you an idea of the complexity of the resulting decryption process, to crack a 128 bit key would take approximately 3.4 x 10^38 guesses assuming the correct key was the last one you tried. To place this in perspective, is estimated that if a DES key generator were able to discover 1 DES key per second, it would take 149 thousand-billion (149 trillion) years to crack a single 128 bit AES key. As a side note, most physicists accept that the universe is approximately 20 billion years old.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now