
Study on Windows XP & Wi-Fi  -  March 2006

Here are a few tests I made on Windows XP to figure out how the Wi-Fi security features can be configured by the end user.

Ad-Hoc network (the checkbox "This is a computer-to-computer (ad hoc) network; wireless access points are not used" is checked).
Network Authentication   Data encryption   Key         Encryption power (in bits)
Open                     Disabled          auto        ?
Open                     WEP               auto        ?
Open                     WEP               specified   40, 104
Shared                   Disabled          auto        ?
Shared                   Disabled          specified   40, 104
Shared                   WEP               auto        ?
Shared                   WEP               specified   40, 104
WPA-None                 TKIP              specified   128, 256
WPA-None                 AES               specified   128, 256
¿WPA2 or WPA2-PSK?       probably similar to WPA-None

Infrastructure network (the checkbox "This is a computer-to-computer (ad hoc) network; wireless access points are not used" is not checked).
Network Authentication   Data encryption   Key         Encryption power (in bits)
Open                     Disabled          auto        ?
Open                     WEP               auto        ?
Open                     WEP               specified   40, 104
Shared                   Disabled          auto        ?
Shared                   Disabled          specified   40, 104
Shared                   WEP               auto        ?
Shared                   WEP               specified   40, 104
WPA                      TKIP              auto        ?
WPA                      AES               auto        ?
WPA-PSK                  TKIP              specified   128, 256
WPA-PSK                  AES               specified   128, 256
WPA2                     TKIP              auto        ?
WPA2                     AES               auto        ?
WPA2-PSK                 TKIP              specified   128, 256
WPA2-PSK                 AES               specified   128, 256

Explanation:
Key:
        auto → the checkbox "The key is provided to me automatically" is checked (the password is generated automatically)
        specified → the checkbox "The key is provided to me automatically" is not checked (the password has to be specified)
Encryption power (in bits):
        40 bits: 5 ASCII characters or 10 hexadecimal characters
        104 bits: 13 ASCII characters or 26 hexadecimal characters
        128 bits: 8 to 63 ASCII characters or 64 hexadecimal characters (should be 32 hexadecimal characters)
        256 bits: 8 to 63 ASCII characters or 64 hexadecimal characters (the ASCII characters undergo a hash function to reduce the size of the key to 256 bits) (explanation here)

Advice: do NOT use Open or Shared; these methods are proven not to be secure.
For the Open and Shared methods, 40-bit encryption is often called 64-bit, and 104-bit encryption is often called 128-bit (because a 24-bit Initialisation Vector (IV) is added to the password). A 232-bit encryption also exists (often called 256-bit); the password consists of either 29 ASCII characters or 58 hexadecimal characters. Even this 232-bit version is not secure enough. The best choice is to use WPA/WPA-None/WPA-PSK with AES; WPA with TKIP is also still good; WPA2 would be the very best option.
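
The key formats listed under Explanation and the 40/64 and 104/128 naming above, as an added example (not part of the original page): it maps a key as typed into the dialog to its WEP size, and turns a WPA passphrase into the 256-bit key. The page does not name the hash function; the example assumes the PBKDF2-HMAC-SHA1 mapping defined in IEEE 802.11i (SSID as salt, 4096 iterations), and the function names are illustrative.

```python
import hashlib
import string

WEP_IV_BITS = 24  # the IV that turns "40-bit" into "64-bit" in product names
# secret-key bits -> (ASCII length, hex length), as listed in the explanation
WEP_FORMATS = {40: (5, 10), 104: (13, 26), 232: (29, 58)}


def _is_hex(s):
    return all(c in string.hexdigits for c in s)


def wep_key_info(key):
    """Return (secret_bits, advertised_bits, key_bytes) for a WEP key as typed."""
    for bits, (n_ascii, n_hex) in WEP_FORMATS.items():
        if len(key) == n_hex and _is_hex(key):
            return bits, bits + WEP_IV_BITS, bytes.fromhex(key)
        if len(key) == n_ascii:
            return bits, bits + WEP_IV_BITS, key.encode("ascii")
    raise ValueError("WEP keys are 5/13/29 ASCII or 10/26/58 hex characters")


def wpa_psk(key, ssid):
    """Return the 256-bit pre-shared key for a WPA-PSK / WPA2-PSK entry."""
    if len(key) == 64 and _is_hex(key):
        return bytes.fromhex(key)  # 64 hex digits are already the raw key
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        # Passphrase: stretched to 32 bytes with the SSID as salt (802.11i).
        return hashlib.pbkdf2_hmac("sha1", key.encode("ascii"),
                                   ssid.encode("utf-8"), 4096, 32)
    raise ValueError("WPA keys are 8 to 63 ASCII or 64 hex characters")


if __name__ == "__main__":
    # Constructed sample keys, not taken from the page.
    for sample in ("abcde", "0123456789", "thirteenchars"):
        bits, advertised, raw = wep_key_info(sample)
        print(f"WEP {sample!r}: {bits} secret bits, sold as {advertised}-bit")
    # Passphrase/SSID pair from the IEEE 802.11i test vectors.
    print("WPA PSK:", wpa_psk("password", "IEEE").hex())
```

Because the SSID is the salt, the same passphrase yields a different 256-bit key on a network with a different name.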

Tests performed with a D-LINK DWL-122 (802.11b, certification) and a FreeBox card (3rd generation, WPCB-104GB, 802.11b/g, Broadcom chipset using the WL-611 driver from Sparklan) on Windows XP Professional Edition SP2. AES is not available on the DWL-122. Some patches may need to be installed to support WPA and/or WPA2 on Windows (for example KB893357). Please have a look at the section "What Others Are Downloading - Others who downloaded Update for Windows XP (KB893357) also downloaded: [...]" of this page. WPA2 tests were done with a Netgear WG511T (certification); there is no WPA2 for ad hoc on this card.

Other information:
The Infrastructure network WPA (called WPA-Enterprise; not WPA-PSK, which is also called WPA-Personal) needs an 802.1X (RADIUS) server.
For an ad hoc connection, it saves a lot of time to specify the IP addresses manually (using Internet Protocol (TCP/IP); Properties) and to detect only ad hoc connections (using Advanced; Networks to access; Computer-to-computer (ad hoc) networks only).
http://download.microsoft.com/download/8/8/1/88165179-972e-4d17-b964-6f2929cb28dd/infosec-2003-wifi-pascals.ppt
http://www.csiesr.jussieu.fr/IMG/pdf/present-wifi-cisco.pdf
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wificomp.mspx
http://www.microsoft.com/downloads/details.aspx?FamilyID=67fdeb48-74ec-4ee8-a650-334bb8ec38a9&displaylang=en