Misc WPA vs WEP

[lebkin]

I am no internet security expert; my knowledge is pretty limited. But it was my understanding that WPA/WPA2 is far more secure than WEP. Thus I was told that given the choice, you should always use WPA. So that is what I set my home network up as.

But the Nintendo DS doesn't like WPA. It won't even talk to it; using the WiFi on the DS requires WEP. Does anyone know the reason for this? It seems to a layman's viewpoint a very poor choice. There seems to be no good reason not to support both WEP and WPA/WPA2. I'd love to hear a good explanation.

 

[Hitto]

The DS is a pretty weak machine.

Even weaker is the fact that people still are scared about their home wifi network being hacked. If you live on the MIT campus, sure, that might happen, but in the suburbs, I can assure you that my three different wifi routers and access points are ALL named "useme", are on WEP and with either 5-character or no password at all, and for the last year and a half, still haven't seen ONE connection from strangers.

tl;dr : stop the fucking paranoia, guys. It's just unhealthy.

 

[iisdev]

post deleted by author.
reason: CNET affiliation

 

[ik777]

oh that wpa project was just what i needed

 

[Flyfishing]

The only one that I know of now is the WiFi Connection WPA Project:

http://geekboy.ca/wifi/?page_id=10

The lack of documentation and awareness of the project is suspect though..

That was proven fake. DS doesn't and will most likely never support WPA.

 

[Xandros]

The only one that I know of now is the WiFi Connection WPA Project:

http://geekboy.ca/wifi/?page_id=10

The lack of documentation and awareness of the project is suspect though..That was proven fake. DS doesn't and will most likely never support WPA.

Sorry for bumping this topic back from the dead but I just wondered where/how it was determined the project was a fake? I'm not questioning if it is or not, I'd just like to know who found out and how.

I had my suspicions it was fake. First of all there was the fact no one had ever commented on if they'd got it to work or not (most comments revolved around "What's EZ Loader" and "Has anyone got this to work". There were no screenshots showing it working either. Plus, the latest release of the firmware appeared to be broken or something, the zip file that was downloaded was labelled as the lates version but the file inside was really small and appaently corrupt and was labelled as the first release version. Lastly the site also had no updates since january, until it got taken offline a while back - for quite some weeks the wifi section of the geekboy site kept throwing out not found errors, but I noticed this morning its come back online, but with a new note saying he got a cease and desist note from Nintendo so he's conveniently had to remov the firmware.

... I haven't seen anyone anywhere say this was fake except here, but as I've just pointed out I had suspicions before. I'm still kind of hoping I guess the DS would one day support WPA...

 

[recover]

Nintendo has stated that they only support WEP since "it's the most widely used standard".
Is this correct or is it only because the DS wouldn't have the processing power required?

 

[Lumstar]

Making homebrew support WPA shouldn't be difficult. But, commercial games are unlikely since WEP isn't in Nintendo's wi-fi setup menu.

 

[notnarb]

I'm fairly sure that the wifi menu is integrated into each game instead of the ds, I'm basing this off of the fact that the wifi menu goes off the cart's region instead of the ds's language. If that's true, then nintendo allowing wpa access would be pretty pointless as just about every good wifi game that is going to ever have been made, has already been made.

 

[Cyan]

sorry, I will speak about the starter subject only, even if it's outdated now.

No. Deliberately weakening your network security in response to someone else's (hardware) policy is unhealthy. You are at risk if you continue to use WEP. It is a fact.

The latest attack can compromise your security in 1-2 minutes. That's the time that it takes to collect data. The actual calculation took 3 *seconds* on a notebook-grade cpu.

what security risk do you speak ?

I'm thinking the same as Hitto, I have an opened Wi-Fi called "DS Wii-fi". I even once named the SSID "Wifi of *myname* just ask me to get access for free". Nobody used it ever.
And if it were the case, what could happen ? they will use my bandwidth ? great for them.

They will access my private folders ? great for them, they will find roms to play with, anime to watch, US TV series to see before everyone, good for them I'm willing to share

I'm not sharing all my computer, and sensible folders are password protected or not shared.


If it's only a risk for data transmitted over the wifi (like credit card while paying on a secure website ? to bad it's secured), I think as Hitto, I'm not on a Campus. My Wi-Fi is not expanding very far, if I go outside my home there is no signal, only very near neighbors may receive it.
In all my neighborhood I may be the only one geek enough to know what a WEP is, or to know how to use computer for something else than ebay and IE. If they really want to crack, they will need a very specific computer/router/WiFi chipset, and with that pro materials they don't need to crack a computer to use internet, they have their own access and their own better programs than anyone else. I don't think they are attracted by poor neighbors data near them. someone willing to crack a computer have far better data than poor user, and it doesn't need anything form them.
Now if you fear your data to be deleted, you lack chance if you found a villain hacker.


Now tell me you are a very important company with sensible data, bank, school, army, NOW i understand the need of a security protocol.


Edit :
Now I'm under mac address filtering, even if I know Linux can spoof mac address easily.
Like you said Phil, you need to know computer very well before that ^^

 

[legendofphil]

You don't need any WEP or WPA if your router can limit connections by MAC addresses.
Granted you can spoof a MAC address but you would need to know it in the first place.

 

[notnarb]

Disable ssid broadcasting? Then no one (should) even know that there is a wifi connection there for them to hack into

 

[Hitto]

Now tell me you are a very important company with sensible data, bank, school, army, NOW i understand the need of a security protocol.

His name is iisdev, for fuck's sake! If his name was apachedev, I would have listened to him

 

[Modrak]

... are on WEP and with either 5-character or no password at all...

How do I set up a WEP with no password at all may I ask ?

 

[Cyan]

no, he said either
- wep with 5 digit
- no password

edit :
His "either" is not well placed.

 

[jpxdude]

google aircrack

both WEP and WPA are relatively easy to crack for people that want to do it, there are linux CD distributions available just for that purpose. Also, even disabling SSID isn't safe with the right tools...

Of course, that being said like mentioned above, unless you're running a business of some sort it doesn't really matter, you'd only be targetted in this instance for bandwidth as a home user (likeliest) *shurgs*

Probably the safest method if youre reaaally concerned is certificates authenticating a certificate server.

 

[jelbo]

In addition to a long WEP key I added the MAC addresses of our 3 DS Lites to the whitelist of MAC addresses. Is that easily hackable as well?

 

[Hitto]

... are on WEP and with either 5-character or no password at all...


How do I set up a WEP with no password at all may I ask ?

I use the nintendo usb key with the hacked drivers; in the config utility, there's an option to say "data encryption diasbled" and "network authentication open"; Works fine with the DS and PSP.

I *did* misplace the word "either" now that you mention it! My bad!

 

[Dylaan]

I went war-driving with my DS today just to see how many routers I could pick up... Maybe one of them had WPA, all the rest were either open or using WEP... I don't use MAC-Filtering, I figure most of the houses near-by would be the first target... Should I be?

I really wish the DS would support WPA, I've got a USB connector but I don't leave my PC on. I think the settings are stored on the DS, reason being when you run some homebrew you have to run a WiFi enabled game first. I'd really like to see some way to utilise WPA, even if it was only homebrew!

 

[kwerdenker]

You don't need any WEP or WPA if your router can limit connections by MAC addresses.
Granted you can spoof a MAC address but you would need to know it in the first place.


that's easy to find out. you just need something like wireshark (a.k.a etheral) to listen to your wlan traffic and then you easily can find out any mac and ip address used in the network. ok, it's only so easy if you use no encryption and wep is considered as "no encryption" because it's so easy to crack.

Disable ssid broadcasting? Then no one (should) even know that there is a wifi connection there for them to hack into


also wrong. with wireshark and the right hardware you can listen to all wireless transfer around you (at last, it is a shared medium) and can find out the ssid of any network you can reach.

jelbo

In addition to a long WEP key I added the MAC addresses of our 3 DS Lites to the whitelist of MAC addresses. Is that easily hackable as well?

yes. see my answer above.

@cyan
i don't know how it's handled in france but in germany you have to secure your network or else you are responsible for everything that happens through it. if someone i.e. uses your network to go online and surf for child pornography, downloads music/films/games, starts an attack on another network, etc. you'll have a hell of a time explaining that to the police. in the end you as the "admin" of your internet connection are responsible for it.

so yes, security for your homenetwork is important!