On 30/05/07 20:51, Neil Greenwood wrote: > On 30/05/07, Andrew Price <[EMAIL PROTECTED]> wrote: >> I'm sure someone will mention this next bit so I'll get there first: WEP >> has been found to be quite easy to circumvent, so it's not that good a >> way of securing a wireless network, but it's better than nothing and >> it's still used quite widely. > > Sorry, but that's not correct. It's not better than nothing - at least > with nothing you don't think you're secure! > > It takes about 2-3 minutes to capture enough wireless traffic to crack > WEP now, followed by a few seconds of CPU time. > > WEP is now totally worthless. If you can, use WPA or WPA-2 instead. If > your hardware only supports WEP, don't use it and set up a VPN > (virtual private network - this encrypts all the data being sent over > the air). > > I'd guess this is far too technical for the original poster, but I > just wanted to point out how broken WEP is.
Hi Neil, you're absolutely correct. I'll explain. My aim was to simplify the whole explanation of WEP keys and I just dropped that "it's better than nothing" in as a nicety. Considering that WEP is still the most used and most widely supported method of securing a wireless network, I felt it was justified to not scare a new wireless user away from that technology. I didn't want to go off on a "you shouldn't use WEP! bad bad!" tangent because that's not a helpful way to explain things clearly and answer the question directly. I'm sure you've all seen it before, if you give too much technical information and too many at once, people are likely to throw their hands up and back away from the technology because it seems like too much hassle. I'm always wary of doing that. It's a case of being too helpful. Of course, if I was going to argue that point of WEP being better than nothing my argument would be this: If you have an open wireless network with no security at all, then it's harder to say that someone has broken into your system and stolen your internet service (or whatever the legal jargon is in these cases) because they could argue that they were just walking by with their mobile device and the device automatically associated itself with the access point, or something similar. If you force someone to put some effort into breaking the security on your network (admittedly, not much effort is required to crack WEP) then you at least have some ground to stand on. I personally use WPA on a daily basis and, although it's more secure than WEP (for now, until someone inevitably discovers a weakness), I'm finding that software like network-manager and the Ubuntu installer just don't support it, despite having a wireless card with open source drivers, which is a bit of a pain. I could probably crack my neighbour's WEP key in a short amount of time and use their network connection instead but because I have morals and any kind of security on a network says to me "please, stay out unless you have permission", I would never do such a thing. Well, that was a bit of an essay, I hope I've explained myself clearly, and I apologise for disseminating arguably erroneous information :) -- Andy Price http://andrewprice.me.uk -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.kubuntu.org/UKTeam/
