Wednesday, June 02, 2004

Setting up wireless security is hard unless you put a hex on it. 

CNN said recently that a lot of people leave their wireless networks insecure because it's the only way to get the equipment to work.

It's a real problem. The manufacturers have caused the problem with some mistakes and lack of standardization in their user interfaces. Right now there are three ways to have a fighting chance to get security working:

What's the problem, anyway?


The wireless equipment tries to keep your transmitted data secret by scrambling it with a secret "key", which has to be the same on every device that can talk to your network. The key is simply a very big number. Computers are good at handling very big numbers and humans aren't. Unfortunately the WiFi equipment manufacturers force humans to tell the equipment what key to use.
Manufacturers try to make it easier for you to enter a key by asking for a passphrase instead (it's like a password, only longer). Then the equipment does some math starting on the passphrase and creates a very big number from the passphrase you type in. Unfortunately, not every manufacturer's equipment does the math the same way. Put the same passphrase into a Linksys® device and an Apple AirPort® device and they'll compute different keys and refuse to work together.

Buying everything from the same company


Maybe you can still get some Microsoft® wireless network equipment on clearance. Microsoft, bless their hearts, turned on security by default and let you configure keys by carrying a floppy around to each device.
If you buy everything from one company, then when something doesn't work it's harder for tech support to pass the buck.

Putting a hex on it: typing things like 9E907DA0FFC30075EC61A8C3DC


The word "hex" here doesn't mean black magic, though it may certainly seem that way. It stands for "hexadecimal", a word you may see in setup dialogs and in manuals. It's simply a way of writing very big numbers. Hex is handy for computer use because every hex digit (a letter or a number) corresponds to exactly 4 bits. That ugly string above is 26 hex digits long, so it could be a 26 x 4 = 104-bit key. That's the length you need when you're setting up a "128-bit" key (you don't want to know why; it's like measuring a 2 by 4).
The advantage of doing something so painful is that you're typing in what the key really is. Unfortunately you're not out of the woods yet. Apple equipment thinks you're typing in a passphrase instead of a literal key unless you type "0x" or "$" in front of it. Oh, and you can't check your work either, because usually what you type shows up as "****" because it's a seekrit passwurd.
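
An added example, not part of the original post: a Python sketch of why a literal hex key is unambiguous while a passphrase is not, including the "0x" or "$" prefix case described above. The two passphrase schemes (an MD5-based derivation and using 13 ASCII characters directly) are assumptions chosen for illustration and are not attributed to any vendor named here; all function names are hypothetical.

```python
import hashlib
import string

HEX_LENGTHS = {10: 40, 26: 104}  # hex digits typed -> secret key bits

def parse_hex_key(entry):
    """Read a setup-dialog entry as a literal key; accepts a '0x' or '$' prefix."""
    text = entry.strip()
    for prefix in ("0x", "0X", "$"):
        if text.startswith(prefix):
            text = text[len(prefix):]
            break
    if len(text) not in HEX_LENGTHS:
        raise ValueError("expected 10 or 26 hex digits, got %d" % len(text))
    if any(c not in string.hexdigits for c in text):
        raise ValueError("non-hex character in key")
    return bytes.fromhex(text)

def passphrase_md5(passphrase):
    """Assumed scheme A: repeat the passphrase to 64 bytes, MD5 it, keep 13 bytes."""
    data = passphrase.encode("ascii")
    if not data:
        raise ValueError("empty passphrase")
    block = (data * (64 // len(data) + 1))[:64]
    return hashlib.md5(block).digest()[:13]

def passphrase_ascii(passphrase):
    """Assumed scheme B: use exactly 13 ASCII characters as the key bytes."""
    data = passphrase.encode("ascii")
    if len(data) != 13:
        raise ValueError("need exactly 13 characters")
    return data

def describe(key):
    """Show a key the way a setup dialog would if it didn't print '****'."""
    return "%d-bit key %s" % (len(key) * 8, key.hex().upper())

if __name__ == "__main__":
    typed = "9E907DA0FFC30075EC61A8C3DC"      # the hex string from the post
    print("literal hex  :", describe(parse_hex_key(typed)))
    print("with prefix  :", describe(parse_hex_key("$" + typed)))
    # The same digits mistaken for a passphrase give a different key entirely.
    print("as passphrase:", describe(passphrase_md5(typed)))
    phrase = "correct-horse"                   # constructed 13-character passphrase
    print("scheme A     :", describe(passphrase_md5(phrase)))
    print("scheme B     :", describe(passphrase_ascii(phrase)))
```

Two devices interoperate only if they end up with byte-identical keys, so comparing the `describe` output for each device's interpretation shows a mismatch that the masked input field hides.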

Waiting and hoping things get better


Computers enjoy very big numbers. WiFi manufacturers should let the equipment talk to its neighbors and decide what key to use. A few manufacturers are starting to do that. Maybe it'll catch on.
Buffalo Technologies has a nifty system where you press buttons on the access point and in the setup software, and the equipment sets itself up. Unfortunately it only works with Buffalo equipment. Unfortunately it only works with some Buffalo equipment.
Chip maker Broadcom builds the innards for many brands of WiFi equipment. Broadcom is trying to get WiFi manufacturers to use a technology called SecureEZSetup which also automates setting up the keys. So far Belkin has said they'll use SecureEZSetup in future products.
