Question on Passphrase vs 'Network Key'

Question

I am trying to put a new Inspiron 600m (with a Dell 1350 802.11g/b card) on my existing Belkin access point using 128 bit WEP.  I've always used a passphrase with the existing computers, but on the 600m I only get a field entry for a 'Network Key'   I get this when using the Dell wireless LAN utility and doing a 'Configure' of the available network. When I enter the existing passphrase, I get the error that 'the network password needs to be 40bits or 104 bits which can be entered as 5 or 13 ascii characters.    Am I looking at the wrong place here - is there somewhere where I can configure this with a non-fixed-length passphrase or do I need to change the passphrase on my existing access point to confirm to the 5/13 ascii character length.   Thanks in advance, ChipO

jwatt · Answer

ChipO,

The problem with passphrase generators is that they're proprietary to the router/wireless card manufacturer.

If both the Belkin and the Dell 1350 are capable of displaying HEX keys, the best approach is to generate the keys on one device and paste them into the appropriate fields on the other one. Note that 128 bit WEP needs 26 HEX characters or 13 ASCII characters. That's a total of 104 bits, plus the 24-bit "initialization vector" generated by the router, giving a total of 128 bits.

ChipO · Answer

Thanks for the info.  I hadn't configured the AP for some time.  I see now that I can enter the 26 hex numbers instead of the passphrase.  I also see what ELSE I forgot about.  I use MAC address filtering and I never enabled it for the new 600m.   OK, here's another question if you're still here.  I believe I've entered - at most - 4 MAC addresses into the AP manager config utility.  I haven't looked at the AP configuration for quite some time - but now - there are SIX MAC addresses listed in the filter!   The AP is password protected.   Is it possible that someone has gotten by both my WEP and MAC AF and put their own MACs in my access point ?  Is the sky falling ?    The next thing you know there will be a presidential election and we will never know who actually wins.  Now come on, what are the odds of that???   Thanks again

jwatt · Answer

I use MAC address filtering and I never enabled it for the new 600m.

Sigh...I spent several hours figuring out that I hadn't added the MAC address of a new wireless card to my APs once!

OK, here's another question if you're still here. I believe I've entered - at most - 4 MAC addresses into the AP manager config utility. I haven't looked at the AP configuration for quite some time - but now - there are SIX MAC addresses listed in the filter!

That's potentially serious. As you probably know, WEP isn't very secure, but it would have taken a very determined intruder to decode enough 128-bit WEP to create the keys and break into the router, especially given that you'd changed the AP's password. But it's not impossible.

You can look up the vendor code of the added MAC addresses here. The first three octets of the MAC address should be entered, with dashes separating each two characters. Two characters are needed for each octet, so you may need to supply a leading zero, as I did in the example listed below.

See if you recognize the vendors that are listed.

For example, a search for 00-02-2d returns Agere Systems, the maker of the Truemobile 1150 mini-PCI card installed in my laptop.

I'd change the WEP keys and the password in the AP and delete the "foreign" entries. WPA is much more secure, but it has to available on all the PCs and the AP.

Jim

NemesisDB · Answer

Worst case, someone *may* have broken in. First things first though, compare those MAC addresses to the wireless and ethernet addresses of all your existing hardware to make sure they're not legit. If they're not, then remove them. Then change your SSID (and disable broadcast if your clients can deal with that). Reduce broadcast power as well if your clients can handle it. Change your WEP key (preferably with hex or ascii combinations you randomly create as passphrase based creation is apparently less than random). Make sure authentication is set to open and not shared as shared is easier to break.

On your internal network side (if you have filesharing and such enabled), firewall each client computer (SP2's or 3rd party). Assign static IPs to each client in your network (or use static DHCP) and set each client to only allow file/printsharing between other known IPs on your internal network. This way if someone does get in, they get free net access but are limited in their ability to mess with your home systems.

On a final note concerning your passphrase problem, I often find that letting window's manage wireless cards (especially with XP SP2) is preferable and easier than using card specific utilities -- your choice, of course, but if your having problems with one, try the other.

Networking, Internet, & Bluetooth

Question on Passphrase vs "Network Key"

Was this post helpful?