<%image(20060811-wireless access point.jpg|136|94|Secure that router!)%>
I was digging though some of my links today and noticed I had bookmarked a really good demo of how to crack WEP in 10 easy steps easily using free tools that you can download from the Internet (WHAX Live CD Distro, Aircrack, etc…).
This once again shows how important it is that you use a “more” secure encryption like WPA. Most home cable/dsl wireless routers should now support the WPA-PSK (pre-shared key) standard. This should include vendors like Linksys, Dlink, and Netgear. Many home users don’t know why WPA is so insecure and why WPA-PSK is the best way to secure a home wireless network.
What is WPA-PSK?
WPA-PSK is a mode of WPA that is for home users without enterprise authentication requirements (business). WPA-PSK overcomes the major encryption issues with WEP, however, a weak WPA passphrase can be cracked in less then 30 seconds if a bad guy can manage to trick your wireless access point to reveal it’s intial handshake with the wireless client. Don’t confuse passphrase with password as they are totally different. A good example of a weak passphrase that can be easily cracked is something like “myaccesspoint” or “passphrase”. A bad guy can take this handshake data and crack your pre-shared key with a brute force or dictionary attack. The only defense against this type of attack is to use a long passphrase that would take years to crack even with the powerful computers we use today.
How to create a good passphrase?
The best way that I have found to create a good passphrase is to use a secure password generator website like the one Steve Gibson has created. What is nice about Steve’s website is that you can use this password page to generate a 64 random hex or 63 random ASCII/alpha-numeric passphrase (which one depends on what your router can handle) which is completly unique to you.
Once you have this passphrase you and copy/paste this into a blank text file and save it to a USB drive, floppy disk (if you still have these..), or burn it to a CD-R. With this text file you can then copy/paste the passphrase into your wireless access point configuration as well as your wireless clients. Keeping it on a remote device like a USB drive ensures you will have it for safekeeping. I keep mine locked away in my home safe with my other important documents.
This is the most recommended way to setup WPA-PSK on your home network. While there are more methods to properly secure a home wireless network, I will be discusing these in a future article.