Windows XP Pro WPA2

[Jim]

I'm helping a friend who's having difficulty gettting WPA2 WiFi security to
work on his Windows XP Pro Japanese version. He doesn't have WPA2 selection
on his Windows Wireless Network Connection. The only options available are
Open, WEP and WPA (I can't remember exactly). There is no WPA2 selection.

I downloaded KB893357 Japanese version. Installed the patch. Restarted the
PC. I then went back to WiFi settings. There's no WPA2 entry there. I did
exactly the same patching on my XP Home English version. I can see WPA2
option in Windows Wireless Network drop down box after the patch is intalled
(WPA2 doesn't exist without KB893357).

Btw, he's using Buffalo WLI-U2K-AMG54 USB Wireless LAN device. Googling
leads me to (of course) Japanese version of Buffalo product. The only
difference between his notebook and mine is I'm using Intel 2200BG wireless
LAN device. I don't think the issue is his Buffalo wifi NIC inability to use
WPA2. Or is it?

Has anyone come across this problem (after installing KB893357, WPA2 option
is still not there)?

 

[Jim]

Correction:

The only options available are
Open, WEP and WPA (I can't remember exactly).

I should've said:
The only options available are: Open, Shared, WPA and WPA-PSK

 

[Bjarke Andersen]

I downloaded KB893357 Japanese version. Installed the patch. Restarted
the PC. I then went back to WiFi settings. There's no WPA2 entry
there. I did exactly the same patching on my XP Home English version.
I can see WPA2 option in Windows Wireless Network drop down box after
the patch is intalled (WPA2 doesn't exist without KB893357).

WPA is installed.

Btw, he's using Buffalo WLI-U2K-AMG54 USB Wireless LAN device.
Googling leads me to (of course) Japanese version of Buffalo product.
The only difference between his notebook and mine is I'm using Intel
2200BG wireless LAN device. I don't think the issue is his Buffalo
wifi NIC inability to use WPA2. Or is it?

Real product numnber is WLI-U2-KAMG54. This product is _not_ WPA2
compliant, and therefore you will be presented the WPA2 options.

 

[Jim]

You're correct. It's WLI-U2K-AMG54 USB wireless LAN device. I search
buffalotech USA site for similar product. I found WLI-U2-KG54-AI:
http://www.buffalotech.com/products...ychain-usb-20-adapter-with-auto-installation/

Indeed it says WPA-PSK (AES, TKIP) and 128/64-bit WEP security support.
There's no mention of WPA2. I guess I'll have to lower the access point
security from WPA2 to WPA-PSK with AES.

 

[Lem]

You're correct. It's WLI-U2K-AMG54 USB wireless LAN device. I search
buffalotech USA site for similar product. I found WLI-U2-KG54-AI:
http://www.buffalotech.com/products...ychain-usb-20-adapter-with-auto-installation/

Indeed it says WPA-PSK (AES, TKIP) and 128/64-bit WEP security support.
There's no mention of WPA2. I guess I'll have to lower the access point
security from WPA2 to WPA-PSK with AES.

For practical purposes, WPA-PSK with AES is equivalent to WPA2. MVP
Jack sometimes calls WPA-PSK with AES "entry level WPA2."

--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm

 

[Jim]

I set my shared key to 50 (random) characters long, including digits,
upper/lower case letters, and some !#$%^&*+-=) characters. You think it's
good enough? It's better than 49 chars long, right?

 

[Lem]

I set my shared key to 50 (random) characters long, including digits,
upper/lower case letters, and some !#$%^&*+-=) characters. You think it's
good enough? It's better than 49 chars long, right?

The main problem with a key like that is that unless you're a very
unusual individual, you'll have to write it down somewhere. A
50-character non-dictionary password that also comprises
non-alphanumeric symbols is overkill -- but that doesn't mean you
shouldn't keep it.

I won't say that there are as many different opinions on optimum key
length as there are cryptographic experts, but there certainly is a
difference of opinion. Here's an article on the topic that's still
interesting, even if it is around 9 years old:
http://www.windowsecurity.com/uplarticle/4/keylength.txt

Note particularly the discussion about the difference between
"passwords" (which is what your 50-character "shared key" really is) and
cryptographic keys. BTW, the AES competition mentioned in the article
was resolved in November 1991.


--
Lem -- MS-MVP

To the moon and back with 2K words of RAM and 36K words of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
http://history.nasa.gov/afj/compessay.htm

 

[Bjarke Andersen]

I set my shared key to 50 (random) characters long, including digits,
upper/lower case letters, and some !#$%^&*+-=) characters. You think
it's good enough? It's better than 49 chars long, right?

As Jim stated it really much depends on what you weigh most.

Optimum security or optimum userfriendly.

There are many sites on the internet which can generate a 64bit random
cipher for you. These make a very secure network, since the key for WPA
today can only be bruteforced.

These sites however, also recommend you save the cipher in a text file on a
USB drive or somewhere with easy access.
Simply because a code like
nWlyOJuC.WMH\:!K@a!\&K83LjLex,6)'"ihwU&UI=]U^&t=oRK|U&1}=!R~C%\
can be very hard and tired to enter on multiple PCs or friends who needs to
borrow your internet.

A code like Th!sC0de!sVerySecret4Me may not be quite as strong as the
previous one, but in my sense with a bruteforce attack it would still need
to some hours to crack it.

 

[John]

As Jim stated it really much depends on what you weigh most.

You meant Lem, didn't you?

Optimum security or optimum userfriendly.

That's true but how often do you have to type a shared key? Once. That's it.
Well of course it's a different story if you have many WiFi clients. There
are only 3 or less WiFi clients in a typical home setup.

These sites however, also recommend you save the cipher in a text file on
a
USB drive or somewhere with easy access.

or save it nowhere. It's already saved in the WiFi Access Point. Just
remember AP password (make it easier to remember) to get into the settings.
Also, disable AP access over the air so everyone must have a physical access
to the AP in order to get into the settings page. If necessary, lock the AP
in a safe box.

Simply because a code like
nWlyOJuC.WMH\:!K@a!\&K83LjLex,6)'"ihwU&UI=]U^&t=oRK|U&1}=!R~C%\

CRAP!!! How did you know my shared key? Lucky guess. Gotta change it when I
get home

can be very hard and tired to enter on multiple PCs or friends who needs
to
borrow your internet.

Easy. Use ethernet cable. Login to AP settings interface. Copy and paste the
shared key Unplug cable. VOILA! Nothing to remember, nothing to type.
Or.. your USB thing might work too. Just don't lose the USB flash drive.
You've got to be a real genius if you can remember 50 random chars and
correctly type them when joining a WiFi network.

 

[Bjarke Andersen]

You meant Lem, didn't you?
Yes

or save it nowhere. It's already saved in the WiFi Access Point. Just
remember AP password (make it easier to remember) to get into the
settings. Also, disable AP access over the air so everyone must have a
physical access to the AP in order to get into the settings page. If
necessary, lock the AP in a safe box.

But not all AP/Routers present the Shared key in cleartext.

Easy. Use ethernet cable. Login to AP settings interface. Copy and
paste the shared key Unplug cable. VOILA! Nothing to remember,
nothing to type. Or.. your USB thing might work too. Just don't lose
the USB flash drive. You've got to be a real genius if you can
remember 50 random chars and correctly type them when joining a WiFi
network.

Again if your router/AP shows the key in clear-text this would be an
option.

 

[blackky]

hello

 

[John]

Of course. Thanks Bjarke.

But not all AP/Routers present the Shared key in cleartext.


Again if your router/AP shows the key in clear-text this would be an
option.