Can I encrypt the SSID using WEP?
Printable View
Can I encrypt the SSID using WEP?
A simple one word answer is YES.
You can't encrypt the SSID with WEP.
I think that you are getting confused?
The SSID is basically your network name or identifier. It is effectively standing information like a user ID.
WEP is an encryption algorithm for traffic flowing over the network (WPA is stronger ;) ) It is for dynamically encrypting packets, not for static information.
Obviously you can theoretically encrypt anything with any algorithm, but I don't think that was your question?
:)
Well I too was confused over that...I ran a serach through numerous pagres and went through man ypages and it seems that WEP can be used to encrypt SSID.
@nihil : what do you mean by Obviously you can theoretically encrypt anything with any algorithm. What do you mean by THEORETICALLY? do you mean that in practical applications, SSID can't be encrypted by WEP?? If yes then why??
I know that the SSID broadcast can be disabled but didn't think that it could be encrypted. If it can, I'd be interested to know how. I just wonder if it depends upon the make of the router? If it is possible with WEP, what about with WPA?
Well, as I understand things, the SSID is not really a security feature in itself.
I have always seen advice to change it from the default, and not make it obvious. In that respect I think that it is rather similar to your USER ID or Profile on an NTFS system. It gives an attacker something else to guess or find out, but is relatively trivial from a security viewpoint.
Now, it is quite possible to encrypt a whole drive, operating system included. You have to authenticate yourself to the encryption software and it then decrypts the drive before you can even authenticate yourself to the operating system and any file and applications security measures that you might have installed.
So, my comment that you could theoretically encrypt the SSID holds good. However, in its normal usage (broadcast) it is not encrypted, so I do not really see what this would achieve, unless you were afraid of physical access/theft.
As for WEP, this is a weak encryption algorithm at best. All I would say is that IMO it is better than nothing, and would deter casual interception, therefore to use the algorithm to encrypt things it was not designed for would seem to be something of a waste of time? Better to use far better encryption mechanisms for those?
:)
Debunking the Myth of SSID hiding (PDF!) - that should answer any and all questions
Not to be a ***** here but, here's my input.
I think encrypting the SSID is pointless. Your focus should not be on the SSID, moreso it should on whats travelling between your router and whatever is connected to it.
Encrypting the SSID won't stop anyone from sniffing out your wireless traffic.
There is no way to hide your SSID. You can disable SSID broadcast (although that breaks some devices), but that still won't hide it as a passive observer will still be able to see probe requests and responses, thus see what the SSID is.
WEP, WPA etc, do not encrypt
- SSIDs
- Mac addresses
- Various other metadata (timestamps maybe)
They only encrypt the normal ethernet data. This includes IP headers of course so they can't see your IPs.
Mark
From all my testing that I've done on SSID and wireless, the SSID cannot be encrytped. And as everyone as all ready stated, you can stop the broadcast. But there are quite a number of tools that can eventually pick up the beacon packet and divulge the SSID.
Kismet is one of the tools. This little intrusion detection device also couples as hotspot detector. It can even associate IP and MAC addresses from machines to the networks it hears. Since it runs in monitor mode anyways, it can pick up plenty of wireless networks across the spectrum. And makes some cool noises when it picks up on certain type of traffic :D
Airsnort is another good tool for checking what kind of traffic is out there. Even if you were able to manage to encrypt the SSID, this would eventually be able to decipher it (depending on the type of algorith one uses). Airsnort can crack wep 64 & 128, and maybe wpa but don't quote me on that. I know it only takes 364 some-odd thousand packets to break the 64 bit wep key. 128 is closer to a million. A good sized network could generate that kind of easy, or just start downloading fedora core 5 about 10 times simultaneously and that will generate the necessary traffic if you're interested in testing out Airsnort.
Well, that's my two cents. In short, even if you did encrypt it there are ways of finding it out
you can encrypt traffic using WiredEquivalentPrivacy. But your SSID won't be encrypted.
if you want to hide your network's SSID, disable the SSID broadcast in your router's configuration utility.
yeah that was the what sparked this whole thread anyways was the wonder of if you can actually encrypt the SSID. I say no, and agree about turning it off on the router.
However, there are still ways of discovering the SSID. Aside from the tools I mentioned, there is a way to send a reset beacon to a wireless client, forcing him off the network. When the machine goes to reconnect, it will send a broadcast TO the router with the SSID. I believe the program is called Weillienheir (something similar to that).
But there are more and more tools out there every day. And all of the best ones are written for Linux, as the ndis drivers in Windows are so limited that they can barely even run in monitor mode.
How many times can different people say the exact same thing! :D
WIndows can work alomost as wellQuote:
But there are more and more tools out there every day. And all of the best ones are written for Linux, as the ndis drivers in Windows are so limited that they can barely even run in monitor mode.