Comments on: My Home WiFi Is No Longer Free /old-blog/2391 Amit Schreiber's Blog | הבלוג של עמית שרייבר Sat, 18 Dec 2010 10:09:29 +0000 hourly 1 https://wordpress.org/?v=6.7.2 By: Itai /old-blog/2391/comment-page-1#comment-168308 Sat, 18 Dec 2010 10:09:29 +0000 /old-blog/?p=2391#comment-168308 Your suggestion should have been more or less straight forward to implement, but if you look at the history of WiFi encryption, and how easy it was to crack some of the earlier protocols, you’ll be quite amazed at how clueless even some of the professionals in this field sometimes are, so this oversight is not really that surprising.

]]> By: Amit /old-blog/2391/comment-page-1#comment-168290 Sat, 18 Dec 2010 06:16:00 +0000 /old-blog/?p=2391#comment-168290 Your idea is a good one and was actually offered by a security researcher ( http://it.slashdot.org/story/10/11/10/0355231/Sophos-Researcher-Suggests-Password-Free-to-Spur-Wi-Fi-Encryption ) – he offered that all publicly-available networks should be encrypted and with the password “free.”

Unfortunately, though, I think I’ll leave my network encrypted (with a secret password) because of my new venture after quitting IBM – it’s just safer not to let anyone in instead of trying to enforce security with firewall rules like I used to.

One thing I don’t understand is why WiFi network encryption is related to the network password. I mean – it should have been possible to enable encryption without requiring a password. Or am I missing something?

Thanks!

]]> By: Itai /old-blog/2391/comment-page-1#comment-168247 Fri, 17 Dec 2010 19:15:14 +0000 /old-blog/?p=2391#comment-168247 I’m not an expert on WiFi security, but I’m pretty certain that if you use WPA or WPA2, set your password to something like X, and your SSID to something like FREE-ACCESS-Password-is-X, you get the best of both world: Nobody can sniff your packets and your WiFi is still effectively free for all.

I do have two warnings though: 1. I’m not at all sure about this. Somebody will have to actually read the WPA specs to make sure it’s true, and I’m certainly not going to do this now. 2. One of the most common security best practices is not to open anything you don’t need, so you did make the right choice in this regard anyway (unless you want to use public-access as a defense for some illegal on-line activities. The “Somebody else did it” excuse seems to work well in some countries).

]]>