PDA

View Full Version : better way to enter wireless key??



rov
2008-11-18, 07:33
i've 2 sb3 units for which i need to update the wireless key. it's pretty darn long and the last time i had to do this it took several tries for each unit to get the key input correctly. my issue seems to be the remote is occasionally sluggish so i'm pressing keys that don't get recorded.

it would be REALLY nice if i could connect the sb3 via ethernet and somehow type via keyboard or cut & paste the key, rather than use the remote. is this not yet possible, even with sc 7.2???

thx,
rov

toby10
2008-11-18, 09:21
i've 2 sb3 units for which i need to update the wireless key. it's pretty darn long and the last time i had to do this it took several tries for each unit to get the key input correctly. my issue seems to be the remote is occasionally sluggish so i'm pressing keys that don't get recorded.

it would be REALLY nice if i could connect the sb3 via ethernet and somehow type via keyboard or cut & paste the key, rather than use the remote. is this not yet possible, even with sc 7.2???

thx,
rov

That would be a nice feature, and no it is not available in 7.2
Another issue is that a blank space can be inadvertently entered and not even know it.

I recently went to WPA2-AES with a 63 digit pass code, so I feel your pain! :)

Goodsounds
2008-11-18, 09:54
i've 2 sb3 units for which i need to update the wireless key. it's pretty darn long and the last time i had to do this it took several tries for each unit to get the key input correctly. my issue seems to be the remote is occasionally sluggish so i'm pressing keys that don't get recorded.

it would be REALLY nice if i could connect the sb3 via ethernet and somehow type via keyboard or cut & paste the key, rather than use the remote. is this not yet possible, even with sc 7.2???

thx,
rov

Are you concerned with use of your internet connection, access to files, or something else? Seems like there ought to be a less unwieldy way to handle security to your satisfaction.

ajmitchell
2008-11-18, 10:00
Another issue is that a blank space can be inadvertently entered and not even know it.



I recently added a SB2 to an existing WPA network and inadvertently entered an extra space after the pass. No amount of hard resets, pluging and unplugiing would remove the errant space. In the end the only way to solve it was to connect WIRED and then on restarting I could enter a new pass...more carefully!!

This is a serious issue, perhaps deserves a bug report>??

alex

rov
2008-11-18, 10:25
Are you concerned with use of your internet connection, access to files, or something else? Seems like there ought to be a less unwieldy way to handle security to your satisfaction.

well i recently upgraded my router to draft-n, so practically the entire neighborhood can see our wireless network. i have several pcs on the wireless side and all are locked down as tight as i know how - mac filtering, no ssid broadcast, and wpa2-aes wireless key. which means i either have to do the same for the sb3s or connect them over ethernet, but that's really not an option.

so, i guess the answer is i don't really want to share my internet connection or my personal files :-)

rov
2008-11-18, 10:28
I recently added a SB2 to an existing WPA network and inadvertently entered an extra space after the pass. No amount of hard resets, pluging and unplugiing would remove the errant space. In the end the only way to solve it was to connect WIRED and then on restarting I could enter a new pass...more carefully!!

This is a serious issue, perhaps deserves a bug report>??

alex

so that sounds like the only way you could reenter the password was to connect wired, then restart in wireless mode? is that right?

CatBus
2008-11-18, 10:36
well i recently upgraded my router to draft-n, so practically the entire neighborhood can see our wireless network. i have several pcs on the wireless side and all are locked down as tight as i know how - mac filtering, no ssid broadcast, and wpa2-aes wireless key. which means i either have to do the same for the sb3s or connect them over ethernet, but that's really not an option.

so, i guess the answer is i don't really want to share my internet connection or my personal files :-)

FWIW, I think this would make a good feature request. I agree long passwords are no fun to enter via the remote.

A randomly-generated 63-character WPA2/AES setup is as good as you can get with your typical home setup (the only improvement would be periodic password rotation, which is more of an enterprise feature). MAC filtering and SSID hiding do not actually improve security, and in the case of SSID hiding can actually make your computer less secure. In the best-case scenario, they are useless.

peter
2008-11-18, 10:41
Goodsounds wrote:
> rov;361078 Wrote:
>
>> i've 2 sb3 units for which i need to update the wireless key. it's
>> pretty darn long and the last time i had to do this it took several
>> tries for each unit to get the key input correctly. my issue seems to
>> be the remote is occasionally sluggish so i'm pressing keys that don't
>> get recorded.
>>
>> it would be REALLY nice if i could connect the sb3 via ethernet and
>> somehow type via keyboard or cut & paste the key, rather than use the
>> remote. is this not yet possible, even with sc 7.2???
>>
>> thx,
>> rov
>>
>
> Are you concerned with use of your internet connection, access to
> files, or something else? Seems like there ought to be a less unwieldy
> way to handle security to your satisfaction.
>

There is a less wieldy way:

http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup

I don't know if SD have any plans of adding this. My router supports it,
though...

Regards,
Peter

peter
2008-11-18, 10:44
Peter wrote:
> Goodsounds wrote:
>
>> rov;361078 Wrote:
>>
>>
>>> i've 2 sb3 units for which i need to update the wireless key. it's
>>> pretty darn long and the last time i had to do this it took several
>>> tries for each unit to get the key input correctly. my issue seems to
>>> be the remote is occasionally sluggish so i'm pressing keys that don't
>>> get recorded.
>>>
>>> it would be REALLY nice if i could connect the sb3 via ethernet and
>>> somehow type via keyboard or cut & paste the key, rather than use the
>>> remote. is this not yet possible, even with sc 7.2???
>>>
>>> thx,
>>> rov
>>>
>>>
>> Are you concerned with use of your internet connection, access to
>> files, or something else? Seems like there ought to be a less unwieldy
>> way to handle security to your satisfaction.
>>
>>
>
> There is a less wieldy way:
>
> http://en.wikipedia.org/wiki/Wi-Fi_Protected_Setup
>
> I don't know if SD have any plans of adding this. My router supports it,
> though...
>

It's even planned for SC v8.0:

http://wiki.slimdevices.com/index.php/SoftwareRoadmap

Regards,
Peter

PS: And that's UNwieldy

rov
2008-11-18, 10:44
FWIW, I think this would make a good feature request. I agree long passwords are no fun to enter via the remote.

A randomly-generated 63-character WPA2/AES setup is as good as you can get with your typical home setup (the only improvement would be periodic password rotation, which is more of an enterprise feature). MAC filtering and SSID hiding do not actually improve security, and in the case of SSID hiding can actually make your computer less secure. In the best-case scenario, they are useless.

agree on the feature request.

i'm surprised that mac filtering and ssid hiding are no help - i realize mac addresses can be spoofed, but that would stop more casual snoopers, no? as for ssid hiding, i think it occasionally makes my wireless pc's flaky, but why less secure - does it require more frequent traffic between the router and pc, which could be snooped?

aubuti
2008-11-18, 10:51
agree on the feature request.

i'm surprised that mac filtering and ssid hiding are no help - i realize mac addresses can be spoofed, but that would stop more casual snoopers, no? as for ssid hiding, i think it occasionally makes my wireless pc's flaky, but why less secure - does it require more frequent traffic between the router and pc, which could be snooped?
SSID hiding doesn't make your computer any less secure. It just doesn't make it any more secure, as it is still easy for a hacker to find you. So there's zero benefit, while the cost is the potential hassle of flaky wifi you have observed.

CatBus
2008-11-18, 11:13
SSID hiding doesn't make your computer any less secure.

Actually it does. When you've got a computer configured to connect to a hidden SSID, your computer essentially broadcasts the SSID it would like to connect to, in an attempt to connect. Now if you take that computer to another location, it's still broadcasting the hidden SSID it would like to use. Someone in the know could sniff that SSID and quickly set up an access point using the same SSID, your computer would automatically connect, and then they could sniff unencrypted traffic, redirect DNS, all sorts of things. It's not too different from the sort of malicious wireless networks that have already been seen in some airports and hotels.

Reference: http://www.networkworld.com/columnists/2007/030507-wireless-security.html

rov
2008-11-18, 11:21
Actually it does. When you've got a computer configured to connect to a hidden SSID, your computer essentially broadcasts the SSID it would like to connect to, in an attempt to connect. Now if you take that computer to another location, it's still broadcasting the hidden SSID it would like to use. Someone in the know could sniff that SSID and quickly set up an access point using the same SSID, your computer would automatically connect, and then they could sniff unencrypted traffic, redirect DNS, all sorts of things. It's not too different from the sort of malicious wireless networks that have already been seen in some airports and hotels.

ok, so i'll re-enable ssid broadcast asap. will also file a bug report requesting the ability to connect a device via ethernet to permit easy cut & paste of wireless key for subsequent wireless connection.

thx for the help,
rov

[edit] - added feature request - bug report 10052

aubuti
2008-11-18, 11:36
will also file a bug report requesting the ability to connect a device via ethernet to permit easy cut & paste of wireless key for subsequent wireless connection.
First you should search for an existing bug report/enhancement request. I'm pretty sure that one already exists (others share your pain...), so it's better to vote for that than start a new one.

Goodsounds
2008-11-18, 11:46
Peter,

You said

"There is a less wieldy way: "

And

"PS: And that's UNwieldy"

If your words were directed to me, to imply I'd used the wrong words, I believe my usage was correct and yours was wrong. Check the dictionary and see what you find.

toby10
2008-11-18, 12:36
I recently added a SB2 to an existing WPA network and inadvertently entered an extra space after the pass. No amount of hard resets, pluging and unplugiing would remove the errant space. In the end the only way to solve it was to connect WIRED and then on restarting I could enter a new pass...more carefully!!

This is a serious issue, perhaps deserves a bug report>??

alex

Unless the SB2 is vastly different than the Boom WiFi settings, I eventually fixed my blank space using the remote. Even SD support was unaware how to fix this. Support suggested what you tried "factory reset". But I was determined NOT to re-enter that key from scratch if at all possible. :)

rov
2008-11-18, 12:52
Peter,

You said

"There is a less wieldy way: "

And

"PS: And that's UNwieldy"

If your words were directed to me, to imply I'd used the wrong words, I believe my usage was correct and yours was wrong. Check the dictionary and see what you find.

i think peter was correcting his own prior post, i.e., he meant to say "less unwieldy" but forgot the "un". hence the ps...

rov
2008-11-18, 12:59
aubuti,

i searched the bug reports and found many bugs related to wireless issues, but none really addressed the issue of finding an easier and hopefully more robust way of entering a wireless key. so i went ahead and filed the request. apologies in advance if i missed this request already entered elsewhere.

i guess this could be moot if sc v8.0 will do wi-fi protected setup, although i've had spotty luck making this work in the past.

rov

peter
2008-11-18, 13:07
Goodsounds wrote:
> Peter,
>
> You said
>
> "There is a less wieldy way: "
>
> And
>
> "PS: And that's UNwieldy"
>
> If your words were directed to me, to imply I'd used the wrong words, I
> believe my usage was correct and yours was wrong. Check the dictionary
> and see what you find.
>

I was correcting (and reacting to) myself.

I like to think the WPS story was more interesting, though...

Regards,
Peter

toby10
2008-11-18, 13:23
SSID hiding doesn't make your computer any less secure. It just doesn't make it any more secure, as it is still easy for a hacker to find you. So there's zero benefit, while the cost is the potential hassle of flaky wifi you have observed.


In regards to not broadcasting the SSID:
- I understand CatBus' explanation for "less secure" in situations
- I've long understood that it is of little benefit to stop even a beginner hacker

....but I'm curious as to why this would also (possibly) make a WiFi more "flaky"?
Do you mean more likely to experience signal drops?

Thanks :)

Couple of other WiFi security items that often get overlooked as well:
- enable router Firewall
- block or filter: IDENT / NAT / Multicast / Anon requests
- disable remote management (only wired computer can enter router ADMIN)

These cannot be used in some networks due to the networks needs and usage, like gaming or remote access to SC etc...

aubuti
2008-11-18, 14:12
In regards to not broadcasting the SSID:
- I understand CatBus' explanation for "less secure" in situations
- I've long understood that it is of little benefit to stop even a beginner hacker

....but I'm curious as to why this would also (possibly) make a WiFi more "flaky"?
Do you mean more likely to experience signal drops?
rov mentioned that hiding the SSID "...occasionally makes my wireless pc's flaky...", but I can't speak to his specifics. I do know that when I was first getting WPA going on Win2K that I would get frequent wifi disconnects when I was hiding the SSID, and none when I un-hid the SSID. I read various posts/articles reporting similar conflicts, so it didn't seem like I was the only one. But I don't know enough about the black magic of wifi enough to understand the nature of the problem, much less explain it.

Fwiw, I had no problem with hiding the SSID when I was using WEP, but of course the real problem is that I was using WEP! "Giving up" hiding the SSID in exchange for switching to WPA wasn't a difficult choice.

Goodsounds
2008-11-18, 14:31
Goodsounds wrote:
> Peter,
>
> You said
>
> "There is a less wieldy way: "
>
> And
>
> "PS: And that's UNwieldy"
>
> If your words were directed to me, to imply I'd used the wrong words, I
> believe my usage was correct and yours was wrong. Check the dictionary
> and see what you find.
>

I was correcting (and reacting to) myself.

I like to think the WPS story was more interesting, though...

Regards,
Peter

I took a look at the WPS thing, and I think that feature will not be widely adopted by end users. Based on the description I read, it seems too complicated for the average user.

I read an article, forget where - something more than 25 percent of home wifi installations are unencrypted. (We all know people who poach their neighbor's internet connection). Of the ones that are encrypted, most use the least secure method and the password is the family name or the dog's name. Why? People don't care and can't be bothered with it.

It's just like home security - how many people have massive locks, intrusion detection, silent messaging to a guard company, bars on windows, etc. Just like a 63 digit password, at some point the intrusion protection becomes more of an inconvenience than it's worth.

It's best to keep personal and confidential information off your PC anyway, that way, the true risk is minimized. If someone wants to break into my system to listen to Jethro Tull, I'm ok with that.

CatBus
2008-11-18, 15:02
....but I'm curious as to why this would also (possibly) make a WiFi more "flaky"?

The 802.11i specification amendment states that a computer can refuse to communicate with an access point that doesn't broadcast its SSID. This clearly isn't done very commonly, but there are many scenarios where this could come into play and may trip over driver-or-hardware-specific variations.

My guess is that the machine tries to do a periodic reconnect, or tries to roam due to signal fluctuation, and suddenly decides to be strict and not associate with the access point (which is a perfectly acceptable response according to the specs so nobody would consider this a bug). It would appear like you were just working fine and then it suddenly stops. It's probably fixed by a reboot, or turning wireless off and on. Or broadcasting your SSID ;)

toby10
2008-11-18, 15:34
aubuti and CatBus: Thank you both for the explanation. :)

CatBus
2008-11-18, 15:35
something more than 25 percent of home wifi installations are unencrypted...

I'd honestly be surprised if it's not higher. Technically, a wide-open network isn't necessarily unsecure (you can use captive portal-style authentication, for example, and not allow access from the WLAN to the LAN, but that's how a hotel or business might set it up, not your typical home user)


at some point the intrusion protection becomes more of an inconvenience than it's worth

Absolutely. And with wireless tech, you even have to work hard to set up completely ineffective security. To carry the house analogy way too far, WEP isn't easy and it's like never bothering to lock your doors. Hiding your SSID isn't easy and it's like assuming nobody can see your green house as long as you water your lawn. The shame is that wired security is easy because it's tied to physical security, but wireless security is hard. And it's wireless tech that's popular with the general public, and wired tech that the techies use. No clear solution in sight.


If someone wants to break into my system to listen to Jethro Tull, I'm ok with that.

If that were the only risk, you should be okay with that. You always need to assess your personal risk. Some people live several miles from any other dwelling or road. Do they need to secure their wireless? Probably not. Some people live in apartment buildings with several people they don't even know within range. Probably a wise choice.

For what it's worth, the primary risk isn't to the data on your computer--it's to your potential legal liability and/or violation of the terms of service with your ISP for things other people do using your network.

radish
2008-11-18, 16:34
I recently added a SB2 to an existing WPA network and inadvertently entered an extra space after the pass. No amount of hard resets, pluging and unplugiing would remove the errant space. In the end the only way to solve it was to connect WIRED and then on restarting I could enter a new pass...more carefully!!

This is a serious issue, perhaps deserves a bug report>??

alex

I believe pressing Play on the remote will delete a character. Don't ask me why :)

JadeMonkee
2008-11-18, 20:47
The 802.11i specification amendment states that a computer can refuse to communicate with an access point that doesn't broadcast its SSID. This clearly isn't done very commonly, but there are many scenarios where this could come into play and may trip over driver-or-hardware-specific variations.

My guess is that the machine tries to do a periodic reconnect, or tries to roam due to signal fluctuation, and suddenly decides to be strict and not associate with the access point (which is a perfectly acceptable response according to the specs so nobody would consider this a bug). It would appear like you were just working fine and then it suddenly stops. It's probably fixed by a reboot, or turning wireless off and on. Or broadcasting your SSID ;)

This could explain the problems of my wireless card frequently not-working after migrating to Ubuntu... I think I'll enable broadcasting now, and see what happens in Linux. Thanks for the info!

peter
2008-11-18, 23:36
Goodsounds wrote:
> peter;361199 Wrote:
>
>> Goodsounds wrote:
>>
>>> Peter,
>>>
>>> You said
>>>
>>> "There is a less wieldy way: "
>>>
>>> And
>>>
>>> "PS: And that's UNwieldy"
>>>
>>> If your words were directed to me, to imply I'd used the wrong words,
>>>
>> I
>>
>>> believe my usage was correct and yours was wrong. Check the
>>>
>> dictionary
>>
>>> and see what you find.
>>>
>>>
>> I was correcting (and reacting to) myself.
>>
>> I like to think the WPS story was more interesting, though...
>>
>> Regards,
>> Peter
>>
>
> I took a look at the WPS thing, and I think that feature will not be
> widely adopted by end users. Based on the description I read, it seems
> too complicated for the average user.
>

The technical description makes it look complicated, but if I understand
correctly there are two fairly simple scenarios:

- Your SB has a sticker with a 4 digit pincode on the back. You enter
that pincode into your WPS compatible router and the SB is automatically
added to you network with a secure WPA key.
- Your SB has a button, you press that button and then press a similar
button on your router. The SB is automatically added.

That's fairly simple. The 2nd scenario is not unlike the way my DECT
phones register to the PBX. Of course the SB3 doesn't have a button, but
it could use the remote.

Regards,
Peter

peter
2008-11-18, 23:39
CatBus wrote:
> Goodsounds;361238 Wrote:
>
>> something more than 25 percent of home wifi installations are
>> unencrypted...
>>
>
> I'd honestly be surprised if it's not higher. Technically, a wide-open
> network isn't necessarily unsecure (you can use captive portal-style
> authentication, for example, and not allow access from the WLAN to the
> LAN, but that's how a hotel or business might set it up, not your
> typical home user)
>

When I moved into my current house there was 1 open access point, which
I used while my cable connection was being set up. It was my neighbors,
and he OK'd it after the fact ;) My laptop now finds 10 visible AP's
which are all encrypted. Dutch ISP's have begun shipping modems with
encryption enabled and the code on a sticker on the router.

Regards,
Peter

Goodsounds
2008-11-19, 00:21
CatBus wrote:
> Goodsounds;361238 Wrote:
>
>> something more than 25 percent of home wifi installations are
>> unencrypted...
>>
>
> I'd honestly be surprised if it's not higher. Technically, a wide-open
> network isn't necessarily unsecure (you can use captive portal-style
> authentication, for example, and not allow access from the WLAN to the
> LAN, but that's how a hotel or business might set it up, not your
> typical home user)
>

When I moved into my current house there was 1 open access point, which
I used while my cable connection was being set up. It was my neighbors,
and he OK'd it after the fact ;) My laptop now finds 10 visible AP's
which are all encrypted. Dutch ISP's have begun shipping modems with
encryption enabled and the code on a sticker on the router.

Regards,
Peter

Your comment made me curious, so I checked my own situation. 7 other systems visible from my house (checked from outside), 4 of which were named "linksys", 3 of which were not encrypted.

rov
2008-11-19, 03:36
well since i re-enabled ssid broadcast, my wife's laptop has been much better behaved with the wireless signal. too early to tell if it affects the sb3s one way or the other.

my old neighborhood in virginia had about a half-dozen signals in range, all of which were protected with something, although several of them were only wep. new neighbors in pa are similar. so no free wi-fi, at least not without some effort. which is enough to stop me...

rov

Dogberry2
2008-11-19, 09:39
It's best to keep personal and confidential information off your PC anyway, that way, the true risk is minimized. If someone wants to break into my system to listen to Jethro Tull, I'm ok with that.That sounds good, but it reduces the PC to being just a toy. Many people find it very useful for making purchases, paying bills, banking, accounting, record keeping, personal photographs and home videos, and other functions that require things like credit card and bank account numbers and personal information. The beauty of a modern PC is its versatility. And of course, with that versatility comes complexity, and also risk. So one tries to minimize the risk without giving up the usefulness of the machine. It isn't possible to completely eliminate the risk, but then, there's risk in everything, anyway. Never using a PC for anything involving personal or confidential information would be like owning a car but never driving it. You'd eliminate the risk of dying in a car crash, but you'd also get no real use out of the machine. So instead, one minimizes the risk of driving as much as possible, by learning to drive safely, wearing a seat belt and so forth. We accept the risk as the price we pay for the advantages gained.

toby10
2008-11-19, 10:14
That sounds good, but it reduces the PC to being just a toy. Many people find it very useful for making purchases, paying bills, banking, accounting, record keeping, personal photographs and home videos, and other functions that require things like credit card and bank account numbers and personal information. The beauty of a modern PC is its versatility. And of course, with that versatility comes complexity, and also risk. So one tries to minimize the risk without giving up the usefulness of the machine. It isn't possible to completely eliminate the risk, but then, there's risk in everything, anyway. Never using a PC for anything involving personal or confidential information would be like owning a car but never driving it. You'd eliminate the risk of dying in a car crash, but you'd also get no real use out of the machine. So instead, one minimizes the risk of driving as much as possible, by learning to drive safely, wearing a seat belt and so forth. We accept the risk as the price we pay for the advantages gained.

Completely agree. :)
What many people don't realize is that PC computer transactions (with basic security and a little common sense) are MUCH more secure than the old ways of conducting biz. The average user is four times more likely to be the victim of credit/check fraud/theft or identity theft using a credit card at a store or writing a check vs online purchases or bill pay.

Watching the news one would get the impression that conducting any business with a PC is a higher risk than using a credit card or writing a check in person, and it just isn't true.

Goodsounds
2008-11-19, 10:38
That sounds good, but it reduces the PC to being just a toy. Many people find it very useful for making purchases, paying bills, banking, accounting, record keeping, personal photographs and home videos, and other functions that require things like credit card and bank account numbers and personal information. The beauty of a modern PC is its versatility. And of course, with that versatility comes complexity, and also risk. So one tries to minimize the risk without giving up the usefulness of the machine. It isn't possible to completely eliminate the risk, but then, there's risk in everything, anyway. Never using a PC for anything involving personal or confidential information would be like owning a car but never driving it. You'd eliminate the risk of dying in a car crash, but you'd also get no real use out of the machine. So instead, one minimizes the risk of driving as much as possible, by learning to drive safely, wearing a seat belt and so forth. We accept the risk as the price we pay for the advantages gained.

I agree with much of what you say, also with what Toby said. I use my PCs in all of these ways, and lose no sleep about it. For what it's worth, I use wireless encryption at home but like the locks on the door, lightweight enough to be convenient to me and only intended to keep honest people honest but not much more.

I know a couple of IT security experts, and their collective advice to me was to limit STORAGE of files containing personal data on a PC's normal drives. They suggested using thumb drives with encryption for sensitive personal stuff. The rest of it, they suggested keeping browser caches empty after use, and being careful about what folders are read-enabled over a network.

Laptops, even those sitting behind 63-character home network encryption keys, get stolen, get lost, or get used in Starbucks on an open network. In my mind, those risks are the ones that are more likely to happen, although with care, the consequences can be limited.

bgriffis
2008-12-30, 20:12
If you would like a better/easier method to enter Wifi passwords then vote for this bug on Bugzilla:

http://bugs.slimdevices.com/show_bug.cgi?id=10052