Page 224 - StudyBook.pdf
P. 224
208 Chapter 4 • Communication Security: Wireless
A number of wireless devices, such as the Linksys WAP11 shown
above, allow the use of a passphrase to generate the WEP keys. This
helps simplify the process of generating new keys. However, potential
attackers may know the algorithm for generating the keys from a
passphrase, so it is necessary to choose hard-to-guess passphrases if
using this method to generate keys.
The Linksys WAP11 allows administrators to create WEP keys using
hexadecimal digits only. Other APs give the choice of creating WEP keys
using either ASCII characters or HEX digits. The advantage of using ASCII
characters is that there are fewer of them to type in: 13 characters
versus 26 hexadecimal digits to create a 104-bit key length. The conve-
nience of using ASCII characters is even more apparent when the wire-
less client is Windows XP with Service Pack 1 (SP1) installed. SP1 changes
the wireless interface so that the WEP keys have to be configured using
ASCII characters. If an AP only supports the use of hexadecimal digits for
the WEP key, the hexadecimal digits have to be converted to ASCII char-
acters to configure the Windows XP SP1 clients.
Once the AP is configured with the WEP keys, the wireless interface is
configured with the WEP key corresponding to the one WEP key currently
being used by the AP. (Remember, both the wireless client and the AP
have to use the same WEP key as a kind of shared secret. If there is no
available mechanism to automate the distribution and configuration of
dynamic WEP keys, they must be manually configured.) Windows XP
allows for the configuration of only one WEP key per SSID profile. Figure
4.11 shows the property page for configuring WEP keys on Windows XP.
Figure 4.11 Configuring a Static WEP Key on Windows XP
www.syngress.com
