Linksys home network problems

On 7 Aug 2006 23:29:46 -0700, "Amanda" wrote in :

You're very welcome. Best of luck with your boarders.

On Mon, 07 Aug 2006 19:01:52 GMT John Navas wrote: | On 7 Aug 2006 17:38:23 GMT, snipped-for-privacy@ipal.net wrote in | : | |>On Sun, 06 Aug 2006 08:28:30 GMT John Navas wrote: |>

|>| I recommend diceware words (link in wikis below): |>

|>Which link? | | Click Search on any of the wiki pages. | |>Oh wait, you're one of those people that likes to send people on wild |>goose chases. | | Oh wait, you childishly presume to tell other people what to do even | when they spend a great deal of time and energy helping others instead | of doing so yourself.

There's a class of people that like to tell people to go to specific web sites for the answer, but only send them to the main page. There's a class of people that like to tell people to google for the answer without saying what the best keywords would be. It's the same class. You know, maybe you are not as helpful as you think you are.

On 8 Aug 2006 14:36:54 GMT, snipped-for-privacy@ipal.net wrote in :

Ditto. Have a nice day.

snipped-for-privacy@ipal.net hath wroth:

Correct. It's not strong. That's because most people will either scribble the long pass phrase somewhere, or inscribe it in a file somewhere. Most often on a post-it note under the keyboard or attached to the router. Some plaster it on the monitor. I read in some mailing list that one admin did a walk through on a weekend and found something like half the users desks had at least one password inscribed somewhere that could easily be found. I recently horrified a customer when I handed them a large number of passwords that I surreptitiously extracted from their PDA phone.

The more complex the pass phrase, the greater the tendency to inscribe it somewhere. Were I to attempt a breakin, it would not be by sniffing traffic and decryption. It would be by social engineering and scanning your computer for the pass phrase. I really like Google Desktop Search, which is much quicker than Windoze Search. I try various buzzwords such as WPA, passwd, password, router, etc and usually find something. Of course some users (like me) encrypt their password files, but that's usually with a trivial key or something far less secure.

In my highly biased and occasionally humble opinion, the right answer is to avoid passwords in any form. Use a RADIUS server or service, which issues one time unique WPA keys and be done with it. I've previously ranted on the subject of why I detest passwords in detail (and don't wanna do it again).

Want real password security? Then ban Post-it notes.

Incidentally, one of the jokes I was thinking of trying is to make a scratch pad with: System Login Password columns on it. I'm sure quite a few people would use it. If I make the paper an easily recognizable color, it should be easy to find in any office.

On Tue, 08 Aug 2006 08:59:36 -0700, Jeff Liebermann wrote in :

Unfortunately, that won't solve the problem in and of itself, since most RADIUS authentication is based on [drum roll] passwords. It does eliminate the risk of Pre-Shared Key, but by swapping it for the risk of passwords, which can be a poor tradeoff IMnsHO. Authentication is a bitch.

PMFBI but Incorrect. In the given context it /is/ strong.

Thats a different issue. The pwd is unlikely to be guessed, which, since its owner has memorised it and doesn't therefore need to write it down, is the pertinent sense.

Graphite pencils work well on the underside of keyboards... :-(