Is WPA-PSK by itself a good security measure?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

St!nkf!nger

Thread Starter
Joined
Aug 24, 2003
Messages
236
I disabled SSID broadcast and enabled WPA preshared key encryption. It took a while to figure it out, but everything works great now. I was wondering if the two measures that I've employed are strong enough to keep intruders out. From the reading I've done it seems like WPA is the strongest type available to me, but is it enough?
 

TerryNet

Terry
Moderator
Joined
Mar 23, 2005
Messages
80,763
WPA-PSK with a strong passphrase (minimum of 20 letters, numbers and special characters mixed) has never been broken. If somebody is holding a gun to your head and asking for the passphrase that may not be enough, but it's the best we have (other than WPA2).

Disabling your SSID broadcast makes your network more difficult to use; it does not stop crooks as they quickly discern your SSID from the other packets that contain it and that are transmitted in clear text.
 

St!nkf!nger

Thread Starter
Joined
Aug 24, 2003
Messages
236
TerryNet said:
WPA-PSK with a strong passphrase (minimum of 20 letters, numbers and special characters mixed) has never been broken. If somebody is holding a gun to your head and asking for the passphrase that may not be enough, but it's the best we have (other than WPA2).

Disabling your SSID broadcast makes your network more difficult to use; it does not stop crooks as they quickly discern your SSID from the other packets that contain it and that are transmitted in clear text.

So the SSID is more of a cosmetic thing rather than a solid security measure? If that's the case I'll turn it back on.

Here's a question: When I set up the WPA on my Linksys router, there's a "WPA Shared Key" field that I'm required to enter something into. So I enter a simple to remember key, I chose a simple key to simplify the network setup. There's another field that's called "group key renewal" that's set at 3600 seconds. Now I'm guessing this is the time in between key renewals (which is done randomly, correct?), so if I were to check back every hour wouldn't the WPA Shared Key value be different? In my case it's not, it's always what I set it to be in the router config. Is this even how WPA works?

So if my WPA is (eventually) set up correctly can I get away with using only WPA for my security needs?
 

TerryNet

Terry
Moderator
Joined
Mar 23, 2005
Messages
80,763
You won't see the passphrase change because of TKIP (Temporal Key Integrity Protocol) but I understand that somehow the devices are synched and they internally change the key they are using and this is one of the strengths of WPA.

WPA with a strong passphrase has not been broken (at least nobody has made a claim). Everything else has been broken.
 

JohnWill

Retired Moderator
Joined
Oct 19, 2002
Messages
106,425
Terry is right, use a strong key and WPA/WPA2, you're quite secure. :)
 

St!nkf!nger

Thread Starter
Joined
Aug 24, 2003
Messages
236
Thanks guys. Here's another quick question. With WPA enabled will my Nintendo DS and Wii be able to access the network? I'm guessing they don't have the tech onboard to enter the keys so they can communicate.
 

cwwozniak

Chuck
Trusted Advisor
Spam Fighter
Joined
Nov 28, 2005
Messages
66,508
St!nkf!nger said:
With WPA enabled will my Nintendo DS and Wii be able to access the network?
Not sure about the Wii but the Nintendo DS only supports using much weaker WEP encryption.
 
Joined
Feb 1, 2007
Messages
310
cwwozniak said:
Not sure about the Wii but the Nintendo DS only supports using much weaker WEP encryption.
It'll work perfect with the Wii... But you're SOL when it comes to the DS =/. I ran into the same exact problem.

Nintendo's solution is buying their $40 USB WiFi stick, which works with the DS and the Wii. Just shares your internet connection to Nintedo products.

My soultion was digging out my old 802.11b router and hooking it to a spare NIC card on my PC and sharing the internet connection with ICS (Internet connection sharing). I used WEP, MAC filtering, DCHP off (have to staticly set IP's), and unbroadcasted SIDD. Almost the same thing as Nintendo's USB stick if you have the parts just laying around.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top