Apple Slips WPA Security into Original AirPort Cards
Apple’s recent AirPort 3.3 software update extends a new, robust security option to users of the original AirPort Cards as long as they are running Mac OS X 10.3 Panther. The new security standard, known as WPA (Wi-Fi Protected Access), repairs holes in WEP (Wireless Equivalent Privacy), an earlier standard that allowed, among other problems, an encryption key to be cracked with relative ease with freely available software. AirPort 3.3 is available via Software Update or from the link below, which also offers additional information. It’s an 8.5 MB download.
Apple’s previous AirPort 3.2 release updated the AirPort Extreme Card and AirPort Extreme Base Station, which use the newer 802.11g standard of wireless networking, to offer support for both a personal and a business-class flavor of WPA. The AirPort 3.3 release includes support for older 802.11b AirPort Cards, but not AirPort Base Stations, and installs only under Panther.
Information provided by Proxim, the company that purchased the Orinoco line of wireless cards and access points from which the AirPort Card and AirPort Base Station were derived, has already stated that there is no way to provide WPA support in the gateway product that they made, which is functionally identical to the AirPort Base Station. So don’t look for an upgrade there.
If you want the security of WPA without the cost of an AirPort Extreme Base Station ($200 or $250), you could consider a Linksys WRT54G, which relies on the same chips as the AirPort Extreme series, supports WPA, and costs $80 at Amazon.com at this writing. The Linksys unit doesn’t bridge AppleTalk, so older printers and AppleShare servers that rely on AppleTalk won’t pass it between wired and wireless network segments.
Should you use WPA now that it’s available as an AirPort update? It’s not necessarily a simple question. If you own a WPA-equipped wireless gateway (AirPort Extreme or other); and if all the machines on your network are running Panther with AirPort 3.3 and capable AirPort, AirPort Extreme, or third-party wireless cards; and if you never expect guest users who wouldn’t have Panther or Windows XP with the WPA patch installed to access your network; and if you already use encryption on your network…
Then, in a word, yes. By all means, turn WPA on, as it almost entirely removes the possibility that anyone will be able to access your network without your permission unless they talk you out of the password you chose.
One more proviso: WPA has a tiny, hidden weakness that’s quite severe but easily overcome. Don’t choose a WPA password that’s fewer than 20 characters and composed only of words found in an international dictionary. A well-known security expert found that it could be possible for a cracker to discover such short, easy-to-remember passwords.