SSID broadcasts

[benthehutt]

This may be a dumb question, but I'm kinda new to wireless networks so bear with me.  I've got four computers with WMP54G's on them running through a WRT54G router.  I don't actually need any security past the 128-bit WEP it offers, but I wanted to try to disable the SSID broadcasts.
I've heard you can do it, but none of my computers can find the network if I disable it.  I even give them the SSID and WEP code and they still can't find them.  

First off, is there any actual need to disable SSID broadcasts?  Will it enhance security?  And how can I do it?

[benthehutt]

Wow, I was a complete idiot in March.  Anyway, this is what's happening (if anyone cares):

First off, 128-bit WEP encryption is probably more than any 4 computer wireless ethernet will ever need.  In fact, it maybe arguable that wireless networks greatly surpass wired networks in security.  In the first place, it's incredibly difficult to crack a 128-bit public/private key encryption code, second off, if the SSID broadcasts are turned off, most sniffers will never even be able to find the encrypted signal.  Thusly, that will offer way more security than you (I) will ever need.

Thirdly, in order to disable SSID broadcasts, each computer in the network must be given the WEP key and the SSID.  However, this cannot be done using the crappy software that ships with linksys stuff (even though it claims it can).  I suggest uninstalling any software and using a third party program like:

http://www.devicescape.com/ (WOC)
http://www.woodstone.nu/salive/reg.asp
http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html

or even the Windows XP builtin wireless manager cajjigidy.

Oh, and also, I admire your work, benthehutt, and I wish I could kiss the ground you walk upon...

humbly yours,
benthehutt

[wilnix]

Wow, sounds like a good place to post about WPA, AES, etc...

I have plans from my wifi implementation i can put up here as soon as i get back to work...just the general stuff...

Wilnix

[syklops]

this thread is somewhat out of date now, but I thought I would post this link up anyway.

The FBI demonstrating at, I think it was Defcon, how to crack 128-bit wep in about 10 mins. I have done it and it works.

the link is here

[benthehutt]

Heh, good ole FBI.  I've got a mathematician friend who worked for the NSA, he said they've got a computer whose sole purpose it to be able to crack RC5-128 encryption in seconds.  Kinda scary thought...
It makes me wonder what kinds of encryption aren't even legal.  I mean, if it took 10000 computers 5 years or so to crack RC5-64 at distributed.net and the government could do it in seconds...

[syklops]

have you read Digital Fortress by Dan Brown. Alot of it is fiction, but there are truths in it, and they are scary truths.

[benthehutt]

heehee, yay for conspiracy theories!

[Metgod]

Afaik, the laws largely depend on the country. For instance, many countries (US included) say you can't export keys that are so and so long (and I don't know the current numbers). So for instance, I couldn't use certain (larger) keys on a global sftp server that foreigners could use. There used to be (still is ?) issues with things like exporting or releasing source code to certain algorithms (DES comes to mind, although that's a vague memory).

I can't help but think I know why all these laws are in place.... although I suppose some of it is good in some ways.

[godaigo]

I always thought that it was interesting that the export of cryptographic software was actually written into the munitions export regulations. So in some sense they found it logical to equate the export of software with weapons, even back before "cyber-war" was much of a concept.

[benthehutt]

The NSA is the number one employer of math majors in the world--and all to make a break ciphers...

Slightly off topic:

Ha!  I've found you out Godaigo--or should I say, EMPEROR Godaigo?!  I've always wondered where the name came from...

[godaigo]

Exactly! So you delved into some history eh?

[benthehutt]

Are you also a master of the koan?

(I was going to say, "Do you also own the koan," but I thought better of it)

[godaigo]

No, the koan kicks my butt! I have no patience for the koan. I do have a lot of time spent with tsuki and kotegaeshi though!

[Marcvs]

I have got a 128Bit Encrypted Router (Netgear DG834G) witg SSID but strangely my Belkin Card actually picks up there is a network there (very useful for sniffing other networks ) even though its diesnt always give the display name or password i can sometimes force connect it to networks

[Uneek]

Err... I must have missed this post originally... either that or the fact that I had been MIA for a while... whatever the case may be, WiFi in its current implementation, whether a/b/g, etc., is VERY insecure and great care should be taken when implementing for it to be secure. 10 minutes to crack 128bit WEP is no longer the case. There's a nifty tool out there that will generate enough traffic for you to sniff the required amount of packets to crack it in just a few minutes... Disabling SSID broadcast does help some, (the whole out of sight, out of mind / security by obscurity thing), however don't rely on only those two for security. I would suggest implementing some sort of RADIUS authenticating at least, blah blah blah... 'nuff of my rant...