Ipad/PC wireless?

[Michael Palero]

Yes, I am talking about a one time entry. But if it's a string that's impossible to type on a keyboard, you just can't do it on a Mac. The most secure WiFi key/password is a string of 63 or 64 randomly generated bytes. Only about half of randomly generated bytes are characters you can type on a keyboard. The easy way to deal with it on most computers is to put the key in a text file on a memory stick, load it into your computer, and copy & paste. But OS-X won't let you do that. Okay, maybe if you are a UNIX wizard and know how to hand-edit the WiFi configuration files behind the scenes, you can do it on a Mac.

I had to compromise the security of my WiFi network to allow Macs to connect. The shorter and easier a key is to remember and type, the less secure it is.

Interesting. What is your string and what type of encryption are you using?

[Greg Peng]

Nice social engineering attempt, Mike! :unimpressed:

[Mako Koiwai]

I must have missed something setting up my Mac and Router. I was asked to create a WPA2 Personal password in my Network preferences ... just used an 8 letter word.

I'm using Open DNS ... I was able to use the same simple password there.

I don't know what I'm talking about! all I know is that it was easy, it works and we're password protected.

[Eric Clements]

According to facebook Jon has the wireless up and working. I think I'm going to have to trade him pizza for my ipad..

[Michael Palero]

Nice social engineering attempt, Mike! :unimpressed:

Greg, I could care less about John Stimson's computers. John said he had to make his mixxed network less secure when added Macs-- I was curious about that.

[Bob Beamesderfer]

OS-X won't let you copy & paste a wireless key, so you have to type it in

Are you talking about a one time entry? I never have to re-log in with my Mac ... it's always recognized, the moment I walk into the house, and I have a password, and firewall ... same with my iPhone, if I have the WiFi turned on.

Yes, I am talking about a one time entry. But if it's a string that's impossible to type on a keyboard, you just can't do it on a Mac. The most secure WiFi key/password is a string of 63 or 64 randomly generated bytes. Only about half of randomly generated bytes are characters you can type on a keyboard. The easy way to deal with it on most computers is to put the key in a text file on a memory stick, load it into your computer, and copy & paste. But OS-X won't let you do that. Okay, maybe if you are a UNIX wizard and know how to hand-edit the WiFi configuration files behind the scenes, you can do it on a Mac.

I had to compromise the security of my WiFi network to allow Macs to connect. The shorter and easier a key is to remember and type, the less secure it is.

What characters/string can't be typed on a Mac?

[John Stimson]

It was something that looked like this:
»N°%ö¢}Ç&µ$gT%«JÜ:-ü«B䣼+_;Ö6£ä¿-v9Ö3F/^¹ÚS92»Ö¢âcwöüs¹ó]üúöÇE

Have fun typing that -- twice -- by hand.

That string was generated by an online WPA key generator. The instructions say to include as many of the character categories as feasible. That increases the security of the key.

Back when I originally set up my network, the random key generators I found generated keys with the full ASCII set. It looks like most of the online key generators nowadays only generate keys with characters you can type. That's probably to allow compatibility with less capable devices like phones, as it has become much more common to hook your phone up to a wireless network in the past couple of years.

[KJ Christopher]

It was something that looked like this:
»N°%ö¢}Ç&µ$gT%«JÜ:-ü«B䣼+_;Ö6£ä¿-v9Ö3F/^¹ÚS92»Ö¢âcwöüs¹ó]üúöÇE

How do you type that with a PC keyboard?

[John Stimson]

(select with mouse)
Ctrl-C
(click password field with mouse)
Ctrl-V

[Steve Ekstrand]

I get the character set part... # of characters in set to the 64th
Although, 26 + 10 to the 64th is a pretty big number.

I don't get the random part. Isn't that just so it isn't guessed? The guys trying to hack your access point are going to use software key breakers, they aren't going to be guessing like the movies.

Makosreallylongandtrickyaccesspointkeycodethatcanteasilybeguessedbynerdycomputerhackersseemsprettysafetomeohletsaddsomenumberstoo0123456789

I'd kind of be thinking that just Z typed 64 times is as difficult to crack for the software they are using as any random string. And if the software is considering the entire ascii character set then isn't it going to work just as hard and have just as much trouble whether you used it or not?

Edjumicate me... I went to a liberal arts school.

[Kurt Rahn]

It was something that looked like this:
»N°%ö¢}Ç&µ$gT%«JÜ:-ü«B䣼+_;Ö6£ä¿-v9Ö3F/^¹ÚS92»Ö¢âcwöüs¹ó]üúöÇE

Have fun typing that -- twice -- by hand.

That string was generated by an online WPA key generator. The instructions say to include as many of the character categories as feasible. That increases the security of the key.

Back when I originally set up my network, the random key generators I found generated keys with the full ASCII set. It looks like most of the online key generators nowadays only generate keys with characters you can type. That's probably to allow compatibility with less capable devices like phones, as it has become much more common to hook your phone up to a wireless network in the past couple of years.

It's for security. A security key isn't very secure if it can be cut and pasted. At least that's the thinking on Apple's part.

[John Stimson]

Kurt, I can copy and paste a string of letters and numbers just as easily as I can copy and paste a string of gobbledygook. All Apple is doing is preventing you from pasting a string into the password field when you try to log into a secure network. I don't see how that increases security. If I have the key displayed on the screen, how is typing it into the password blank any more secure than pasting it there?

Steve: Password cracking isn't necessarily just brute force guessing all possibilities in sequence or at random. Some smarts are applied to what is guessed -- based on what people are likely to use as their passwords. First, if you can expect people to only use characters that they can type, then you only have to guess passwords made up of characters you can type. Next, what are people likely to use as passwords? Words, or strings of words. That makes the password easy to remember. So you build strings of random words from the dictionary and use those as guesses, instead of strings of random letters. That eliminates another huge chunk of "unlikely" passwords that you don't have to guess. Okay, but what if someone gets clever and decides to substitute numbers for similar looking letters (E=3, O=0, l=1, etc)? So you build a list of alternate spellings with numbers substituted for letters...password cracking can get pretty sophisticated. You're right, it's not just guessing that the guy used his mom's name, like in the movies, but in a sense, thinking about what the password is likely to be can narrow down what your guesses should be. And you might be surprised how many people will use their relatives/girlfriend/boyfriend/pet/favorite author's name as their password when they don't have a password checker telling them "No, that's not a good password".

So yeah, random is more secure than the same length string of words, and full ASCII is more secure than alphanumeric.

[John Stimson]

Kurt, consider two alternative scenarios:

I generate an extended ASCII password. I store it on a memory stick in my home. When a friend comes over and wants to connect to my WiFi, I give them the memory stick. They open the file, copy the password into the network password blank, and give me back the memory stick.

or

I generate an alphanumeric password. I memorize it or write it down and store the paper in my home. When a friend comes over, and wants to use my WiFi, I speak the password to them, and they type it in.

What is the risk in the first situation that does not exist in the second situation?

[Eric Clements]

iPad is working all around the house (and pool!)

Now, how do I save an online PDF? Normal web text I can highlight (light blue) and it pops up a "copy" icon.

[Kurt Rahn]

Kurt, consider two alternative scenarios:

I generate an extended ASCII password. I store it on a memory stick in my home. When a friend comes over and wants to connect to my WiFi, I give them the memory stick. They open the file, copy the password into the network password blank, and give me back the memory stick.

or

I generate an alphanumeric password. I memorize it or write it down and store the paper in my home. When a friend comes over, and wants to use my WiFi, I speak the password to them, and they type it in.

What is the risk in the first situation that does not exist in the second situation?

I'm with you. I find having to type a password in every time a pain in the butt. But that's Apple's reasoning, from what I've read.

[Will Kalman]

I get the character set part... # of characters in set to the 64th
Although, 26 + 10 to the 64th is a pretty big number.

I don't get the random part. Isn't that just so it isn't guessed? The guys trying to hack your access point are going to use software key breakers, they aren't going to be guessing like the movies.

Makosreallylongandtrickyaccesspointkeycodethatcanteasilybeguessedbynerdycomputerhackersseemsprettysafetomeohletsaddsomenumberstoo0123456789

I'd kind of be thinking that just Z typed 64 times is as difficult to crack for the software they are using as any random string. And if the software is considering the entire ascii character set then isn't it going to work just as hard and have just as much trouble whether you used it or not?

Edjumicate me... I went to a liberal arts school.

Not all attacks run through the potential passwords from start to finish (i.e. "aaaaaaa", then "aaaaaab", etc). It stands to reason to start with the dictionary, then move on to dictionary words with numbers appended, then on to multiple dictionary words run together, and then maybe longer sequences of letters, eventually you work your way towards more and more random fields.

I set my luggage to 1234, nobody's going to guess I'm using that!

[Bob Beamesderfer]

It was something that looked like this:
»N°%ö¢}Ç&µ$gT%«JÜ:-ü«B䣼+_;Ö6£ä¿-v9Ö3F/^¹ÚS92»Ö¢âcwöüs¹ó]üúöÇE

Have fun typing that -- twice -- by hand.

That string was generated by an online WPA key generator. The instructions say to include as many of the character categories as feasible. That increases the security of the key.

Back when I originally set up my network, the random key generators I found generated keys with the full ASCII set. It looks like most of the online key generators nowadays only generate keys with characters you can type. That's probably to allow compatibility with less capable devices like phones, as it has become much more common to hook your phone up to a wireless network in the past couple of years.

All of those characters can be typed by a Mac. Not that I want to.

[Bob Beamesderfer]

Kurt, consider two alternative scenarios:

I generate an extended ASCII password. I store it on a memory stick in my home. When a friend comes over and wants to connect to my WiFi, I give them the memory stick. They open the file, copy the password into the network password blank, and give me back the memory stick.

or

I generate an alphanumeric password. I memorize it or write it down and store the paper in my home. When a friend comes over, and wants to use my WiFi, I speak the password to them, and they type it in.

What is the risk in the first situation that does not exist in the second situation?

I'm with you. I find having to type a password in every time a pain in the butt. But that's Apple's reasoning, from what I've read.

What are using that requires a password every time?

[Kurt Rahn]

I'm with you. I find having to type a password in every time a pain in the butt. But that's Apple's reasoning, from what I've read.

What are using that requires a password every time?

I run a network of about 75 Macs. Anytime I need to install software, move things into/out of certain folders, change certain folder names, etc. I need to enter a password. It's kind of a pain. On the other hand, I'm the only IT person, and I do that function less than half time, which wouldn't be possible if the network were all PCs. Trade offs.

[Mako Koiwai]

Makosreallylongandtrickyaccesspointkeycodethatcanteasilybeguessedbynerdycomputerhackersseemsprettysafetomeohletsaddsomenumberstoo0123456789

Gee Thanks Steve! Now I've got to change my password! :unimpressed:

Yesterday day my MiFi device ran out of tokens while shooting on location ... there was no way I could remember the convoluted "user name" forced on me by VirginMobil, the password was easy ... my birthday as suggested by them! There's no way I can't keep a list of user names and passwords "hidden" in my iPhone. Every time one needs to Retrieve a Password one has to create a new one since they don't let you use your old one ... so one runs out of Favorites and is forced to start using convoluted bastardizations of passwords that one use to be able to remember.

[Rick Brown]

Just need to add bio to all our devices - thumb print and/or eye scan. Or implant a chip in our body to allow us to access everything we own, cars, doors at home and office, computers, phone, web sites, software, etc. just by thinking about it.

[Aaron Goldsmith]

I'm with you. I find having to type a password in every time a pain in the butt. But that's Apple's reasoning, from what I've read.

What are using that requires a password every time?

I run a network of about 75 Macs. Anytime I need to install software, move things into/out of certain folders, change certain folder names, etc. I need to enter a password. It's kind of a pain. On the other hand, I'm the only IT person, and I do that function less than half time, which wouldn't be possible if the network were all PCs. Trade offs.

I'm the only IT person who supports more than 75 PC's at multiple sites.. plus the other stuff I do.. I'd say that any desktop type support is maybe 20% of my job. Rarely is it the computer's fault there's a problem.

[Kurt Rahn]

I'm the only IT person who supports more than 75 PC's at multiple sites.. plus the other stuff I do.. I'd say that any desktop type support is maybe 20% of my job. Rarely is it the computer's fault there's a problem.

Halelujah, brother! User error is the bane of my existence.

[Mako Koiwai]

So computers and software need to be made even easier use. For you guys that deal with this stuff professionally it seems impossible to imagine that any of this stuff is difficult.

* Why does my mail software every once in a while demand to know what my mail password is. I enter it, tell it to remember it in the Key Chain and it will ask me five more times what my password is ... and then it's fine again for a month, ie. it remembers my password ... for a while.

[Mako Koiwai]

Should security software like MacScan slow down my computer?

After being bit by that thing that was going around Facebook a few weeks ago, I installed MacScan to clean house. It did find a few spyware and trojan horses. I have it set to do a scan every other day at something like 3 AM. It cleaned out all of my old cookies, so I'm having to manually log into my main sites on the initial visit.

But seemingly since installing it, my computer seems slow again and sort of stalls out occasionally ... which it rarely did in the past. I've also switched out my internal HD to one that's three time the size of my old one. That helped ... but that was before I installed MacScan.

I always install the latest Mac Security updates and OS up-dates