WEP bug in Tomato?

Discussion in 'Tomato Firmware' started by neutralman, Jan 3, 2007.

  1. neutralman

    neutralman Network Guru Member


    I just found that Tomato v1.02 doesn't make the same WEP key as stock Linksys firmware

    I use the same word, press generate, but I have differenet HEX keys

    when I use Linksys WEP (passphrase=shack) I can connect entering "shack" in WinXP

    when I use Tomato WEP key (same passphrase) I can't connect entering shack in WinXP


    Tofu, please comment
  2. orangekay

    orangekay LI Guru Member

    I get different output from every WEP key generator I've tried; doesn't mean any of them are necessarily buggy. Enter the hex key directly if you want it to work the same way on every OS out there.

    Also, 64-bit WEP isn't really going to do much for you security-wise. It's weak enough that you really might as well just turn it off altogether.
  3. dvaskelis

    dvaskelis Network Guru Member

    It does seem like a bug. If you haven't heard from him already, write him at the address at the bottom of the Tomato Firmware web page.

    While WEP has been broken, I think it's still better than nothing, in that it at least deters casual snooping.
  4. neutralman

    neutralman Network Guru Member

    wep key 64bit will keep average h4X0r at bay, because you would have to sit down in front of my house for at least 15 minutes. if you don't have the right tools it could take a few hours to collect enough data. turining off wep key, would mean almost everything in my network goes to the air unencrypted, I am not an idiot.
  5. orangekay

    orangekay LI Guru Member

    I'll take your word for it on the last part, but if they have to sit in front of your house to get a signal then why do you imagine yourself a target for "h4X0r"s in the first place?
  6. digitalgeek

    digitalgeek Network Guru Member

    XP is probably defaulting 128 when you entering a passphrase... try again with WEP at 128 in Tomato (128 is better any way)
  7. Devotedfollower

    Devotedfollower LI Guru Member

    does entering the hex instead of the passphrase at least work in xp? I mean, can't you just copy the hex down that is generated from the passphrase (which is from tomato)....?

    xp accepts both....as far as I can remember....

    if it does work, I wouldn't really call it a bug -- I seem to remember this exact problem happening on other routers I have setup in the past.
  8. digitalgeek

    digitalgeek Network Guru Member

    I have been using wep 128 since I ran linksys firmware (as well as w/thibor). only difference is I have always used the hex key, not the passphrase. you can copy and paste the wep key in XP, just press CTR+V on the key entry in XP.
  9. neutralman

    neutralman Network Guru Member

    well it is easier to remember passphrase, my brain don't like hex keys :)

    I use WEP64bit because of very small impact on troughput, WEP128bit takes a little bit more, WPA even more and so on...
  10. Devotedfollower

    Devotedfollower LI Guru Member

    yeah, I know about the throughput advantages....

    I still however stand by my original comment....which is other routers have been the exact same way....and I wouldn't call this a bug...more of any extra bonus....
  11. dvaskelis

    dvaskelis Network Guru Member

    WEP vs. WPA speed

    Actually, that's not quite correct.

    While Linksys WRT54G/GL/GS routers (and most Broadcom-based products) run their fastest with wireless security disabled, they also do AES in hardware so WPA-AES can be very close to the speed of no encryption.

    If you do some tests, you'll find WPA-AES is faster than WEP with your router. For example, here's a quote from from the wireless performance section of the SmallNetBuilder (formerly Tom's Networking) review of the WRT54GS: "[...] WPA-PSK with AES encryption imposes virtually no throughput penalty. Using [128-bit] WEP will cost you about 10% (33 vs 36 Mbps) and enabling WPA-PSK with TKIP extracts the worst penalty at about 17% (30 vs. 36 Mbps)."
  12. digitalgeek

    digitalgeek Network Guru Member

    I think the performance loss for 128 bit is insugnificant compared to the gain in security (despite the WEP short falls)

    If you want bandwidth- plugin!
  13. neutralman

    neutralman Network Guru Member


    tnx man, I fly over that review, but didn't notice WPA AES speed! now I changed from WEP64 to WPA personal AES :)

    I think it is better (and harder to crack) then WEP

    well my fun was short :(

    I use AP+WDS (WPA2 doesn't support WDS mode, only AP)
    WPA personal AES has some strange drops in WDS mode (WRT54G < WDS > WRT54G)???!

    I found this link http://www.genslernet.com/hyperwrt/index.html

    should I try with decreased GROUP KEY RENEWAL (default = 3600, if I put only 600 seconds, will it be better?)
    can anyone help me with this?
  14. Devotedfollower

    Devotedfollower LI Guru Member

    Nice, I know about this! Thanks for the info!

    @neutralman: I hope that everything works out with WPA-AES over WDS, keep me posted as I'll be doing something similar later on!
  15. neutralman

    neutralman Network Guru Member

    well it does not work correctly, while using WPA personal (v1, not v2) encryption AES, WDS go up and down on it's own, I don't know what is the cause of the problem, maybe group key renewal time?

    take a look at this link: http://www.genslernet.com/hyperwrt/index.html

    >The command is "nas4not lan wds0.2 up supplicant aes psk password linksys". Be sure to replace "password" and "linksys" with the WPA password and SSID you are using.<

    what does command "nas4not" actually do?
  16. pharma

    pharma Network Guru Member

    See if this works:

    Disable "Afterburner" on Advanced Wireless page.

    If no change, other suggestions will come from people since many here are using WDS + WPA (AES) with no problems.

  17. njeske

    njeske Network Guru Member

    i wouldn't call this a bug. i don't think windows XP supports entering passphrases on WEP or any encryption level. i've always had to enter the HEX key when using WEP on a windows XP machine no matter what router/firmware i was using.

    i use WPA at home and did speed tests on all the various encryption otions and found very little difference between them. if you want to use a word as a passphrase, go with WPA. it's more difficult to crack than ever 128-bit WEP.
  18. digitalgeek

    digitalgeek Network Guru Member

    When setting a "passphrase" treat it like any other password... and try not to use a simple word, as that is easier to crack. I usally use combiantions of letters and numbers.
  19. GeeTek

    GeeTek Guest

  20. digitalgeek

    digitalgeek Network Guru Member

    Thanks for the nas4not tip... I have been running AES now for about 2 days with know problems... I always had troubles with my Mac not reconnect after a sleep or a reboot. I am using a 12 digit passphrase, which is not a word (infact it's would not mean anything to any body else)... I have heard people use dictionary look ups and are able to hack WPA (although it takes time).
  21. neutralman

    neutralman Network Guru Member

    what is "nas4not" used for exactly?
  22. digitalgeek

    digitalgeek Network Guru Member

    not sure...

    nas4not is used to authenticate WDS links to the running nas daemon.

    I found this at: http://www.bingner.com/openwrt/wpa.html

    I do know it made a difference; I tried to use wds before without it and had problems... (with my mac) I have setup nas4not as explained above and not had any issues.

    I don't like to broadcast my ssid, which was a problem before... I'm not and everything is stable and faster the wep (internet feels/looks quicker).

    ...it's really cool to have a web page just appear not appear as it's being downloaded!
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice