Problem with XP WEP security

[Birk Binnard]

The only way I can connect an XP system to my Linksys WRT54G wireless router
with WEP enabled is to manually enter into the XP wireless configuration
dialog the hex key generated by the router from the plain text keyword.

According to Linksys, XP generates a different set of WEP hex keys from the
same plain text keyword. I suggested this was a bug in the router firmware,
but of course Linksys said it was an XP problem.

Why is there a plain text keyword if the generated hex keys do not match?

 

[Malke]

The only way I can connect an XP system to my Linksys WRT54G wireless
router with WEP enabled is to manually enter into the XP wireless
configuration dialog the hex key generated by the router from the
plain text keyword.

According to Linksys, XP generates a different set of WEP hex keys
from the same plain text keyword. I suggested this was a bug in the
router firmware, but of course Linksys said it was an XP problem.

Why is there a plain text keyword if the generated hex keys do not
match?

I think you've gotten the WEP key hex confused with the passphrase.
Depending on the wireless hardware, you'll often be given the
opportunity to create a hex key by typing in an ASCII passphrase and
then clicking a "Generate" button to create the hex key. This is so you
don't have to come up with a good random hex key by yourself. Now
you've got your hex phrase on the wireless router.

You don't use the ASCII passphrase again. On the wireless client - your
laptop, for instance - you would enter the hex key; *not* the
passphrase.

Malke

 

[Birk Binnard]

Very interesting. I always thought the idea of the pass phrase was to
eliminate the need to remember the hex key. My (apparently incorrect)
understanding was that a given pass phrase would always generate the same
hex key -- thus allowing one to configure several machines for WEP access
via the same pass phrase.

My assumption was bolstered when I noticed the XP SP2 asks for a passphrase
when it finds a WEP router. Doesn;t it seem logical that it would do this so
it could generate a matching key?

I guess I better put the hex key onto my PDA.

 

[jeffrey]

Very interesting. I always thought the idea of the pass phrase was to
eliminate the need to remember the hex key. My (apparently incorrect)
understanding was that a given pass phrase would always generate the same
hex key -- thus allowing one to configure several machines for WEP access
via the same pass phrase.

My assumption was bolstered when I noticed the XP SP2 asks for a
passphrase when it finds a WEP router. Doesn;t it seem logical that it
would do this so it could generate a matching key?

I guess I better put the hex key onto my PDA.

 

[jeffrey]

Hi,

If all WEP passphrase generators created the same hex keys, then it would
defeat the purpose of a randomly generated keys. The Router being the main
connection to the other units for the connections would be the main unit,
the computers or other clients connecting to that main hub would then
require the keys the main unit is using. If they all would generate the
same keys from the passphrase, then the security would be defeated.

Jeff

 

[Malke]

Hi,

If all WEP passphrase generators created the same hex keys, then it
would
defeat the purpose of a randomly generated keys. The Router being the
main connection to the other units for the connections would be the
main unit, the computers or other clients connecting to that main hub
would then
require the keys the main unit is using. If they all would generate
the same keys from the passphrase, then the security would be
defeated.

Jeff

Glad you figured it out. ;-)

Malke

 

[Birk Binnard]

Well, sure. I mean, isn't the idea for encrypting access to a router to
prevent unauthorized people from getting to it? So if there's a group of
people who are authorized to use a router, what's wrong with them all using
the same router passphrase/key? If I were the admin. for such a group I'd
like it better if there was a single phrase I could remember that would
allow me to add/delete users at will.

By keying in the same hex key on each user's PC the net effect is the same,
exce;t you have to go through thte trouble of rememering the hex code.

 

[jeffrey]

Hi,

The main point is, one unit is the primary, it creates the Keys the others
will use to access it. You don`t want other units to make keys if they are
just the user not the primary. Once you set up the wep hex key on the
computers for access, you don`t need to remember it anymore, the computer
does that for you. But what happens if someone figured out your passphrase?
Then they can access anything. So each system that creates a WEP key,
generates different keys to the phrase, instead of all creating the same
keys. That`s why you use the phrase to create the keys and each different
units that is the primary will never create the same set of keys to the same
phrase, preventing people from gaining access if they discover the
passphrase. The users shouldn`t have that knowledge, just the admins who
setup the computers, so security can never be comprimised.