# Does Kindle support WPA2 63 digit alpha-numeric key?



## Smirnoff (Dec 28, 2010)

I set up my friend's router so that he could wirelessly connect his laptop using WPA2 with a 63 digit alpha-numeric key.
He bought a Kindle for his wife this Christmas and tried to connect it wirelessly to his router, no luck so far.
Have got to go round and try to sort it out for him today.

1. There seems no easy way to enter the encryption key as the dialogue box only holds 32/36 characters.
2. Is it necessary to enter the 63 digit code or would the 10 digit wireless key on his router suffice?
3. Do I have to enter the Kindle in his router as some sort of gaming device (port forwarding)?
4. Will I have to change all his wireless settings to a smaller encryption key?

There are conflicting posts on this. Some say Kindle will accept 63 digits, others say 10 digit router wireless key will suffice.

Can someone clear this up once and for all please? Thanks


----------



## CathyQuinn (Dec 9, 2010)

I saw a thread on this recently, the discussion didn't seem to resolve the issue.

I would suggest going straight to the source, Kindle customer support. I hear their service is excellent, as long as you go to KINDLE customer support and not AMAZON customer support.


----------



## Smirnoff (Dec 28, 2010)

CathyQuinn said:


> I saw a thread on this recently, the discussion didn't seem to resolve the issue.
> 
> I would suggest going straight to the source, Kindle customer support. I hear their service is excellent, as long as you go to KINDLE customer support and not AMAZON customer support.


Thanks for your reply, may well have to go to Kindle support. In the meantime I will reduce WPA2 encryption key to 10 digits and try that. It will still have high security.

When searching for similar posts, I found the web full of confused people trying to sort this out.

Would have thought that Kindle would have issued some sort of statement or listed the problem in FAQs by now.


----------



## hidden_user (Dec 20, 2010)

I have WPA2/WPA set on a Linksys E2000 and never had an issue or a drop.

I don't know about the length of the password. I googled but didn't come up with anything. My own network password is only 8 characters long.

I do KNOW that the SSID HAS to be broadcast (at least on my Linksys) and Kindle will NOT connect on a wireless "N" network ... NOR will it connect on a 5 GHz band.

Except for the password length which I don't have lots of experience with, if you have it set to broadcast SSID on a 2.4 GHz "G" band ... you SHOULD be good to go. However, I don't know what other restrictions you may find in the router set up.

If push comes to shove and everything looks set right but the Kindle will still not connect, I would reset the router to default settings (using the reset on the back if it has one) .... If the Kindle connects, I would THEN start changing/restoring settings one at a time until I found the setting(s) that caused the connectivity issue.

Please let us know how things turn out.


----------



## Smirnoff (Dec 28, 2010)

My friend's router is relatively new, so will check out if "N" is enabled. Thanks


----------



## Ann in Arlington (Oct 27, 2008)

hidden_user said:


> I do KNOW that the SSID HAS to be broadcast (at least on my Linksys)


SSID does NOT have to be broadcast . . .you can enter it in the 'set up wifi' area under settings on the Kindle. At least, our eHome router does not broadcast the SSID and I had no problem.

I think you're right, though, about the 'n' and '5 GHz' problem.

I have also heard of folks who had trouble with a password/security key that has non alpha-numeric characters. Remember, the wireless receiver in the Kindle is not nearly as robust as that in the average laptop. You have to enter symbols with extra key presses and the router may be seeing them as additional characters. 

That said, at my dad's house, his SSID is broadcast and my Kindle found his network right away. . . .I selected the network entered his pass phrase (thisisourfathershouse or something like that -- definitely longish but all letters) and connected right away.


----------



## hidden_user (Dec 20, 2010)

Ann in Arlington said:


> SSID does NOT have to be broadcast . . .you can enter it in the 'set up wifi' area under settings on the Kindle. At least, our eHome router does not broadcast the SSID and I had no problem.


That's something I haven't tried doing on the Kindle (manually entering the SSID and so forth) Hmmmmm


----------



## waynep (Dec 22, 2009)

Try making a smaller WPA2 key. 63 digits is secure, but sure is a pain in the backside. Mine is 9 digits. The goal is to be secure but still easily be able to add devices like the Kindle when you want to. The 63 digit keys, usually totally random, are secure but overkill. Entering 63 digits into a Kindle is sure a pain.

Not broadcasting the SSID does nothing for security. The easiest way to setup a home wireless network with enough security to keep other people out, is to simply turn on WPA2 using a pass phrase of reasonable length. Something like "Ge0rgew3ntsh0pping". It's fairly easy to remember and use, but still very hard to guess.


----------



## Ann in Arlington (Oct 27, 2008)

hidden_user said:


> That's something I haven't tried doing on the Kindle (manually entering the SSID and so forth) Hmmmmm


When you go to settings with WiFi turned on, of course it won't find the network. But you click 'view' and there's an option at the bottom that says "enter other WiFi network". Click on that and it allows you to enter the network name and password. There's a link there that says 'advanced' so if you need to enter IP addresses or anything more like that you can. I've not needed to do that myself.


----------



## hidden_user (Dec 20, 2010)

Thanks Ann.

I'm with Waynep concerning the security overkill. I'm sure there are incidences somewhere in which the SSID should not be broadcast but that is not a concern of mine in the small Southern town I live in. I had seen the feature you explained so well, but have not used it nor had a need to. I still haven't tried it out LOL. No need to ... I know it would work, based on your experience


----------



## waynep (Dec 22, 2009)

hidden_user said:


> Thanks Ann.
> 
> I'm with Waynep concerning the security overkill. I'm sure there are incidences somewhere in which the SSID should not be broadcast but that is not a concern of mine in the small Southern town I live in. I had seen the feature you explained so well, but have not used it nor had a need to. I still haven't tried it out LOL. No need to ... I know it would work, based on your experience


Not Broadcasting SSID's is "security by obscurity" . . An average person won't see the SSID. However Computer savvy people, can download something like kismet http://www.kismetwireless.net/ and find your SSID in a matter of minutes. It's not rocket science. A simple google search reveals this in a matter of seconds.


----------



## hidden_user (Dec 20, 2010)

waynep said:


> Not Broadcasting SSID's is "security by obscurity" . . An average person won't see the SSID. However Computer savvy people, can download something like kismet http://www.kismetwireless.net/ and find your SSID in a matter of minutes. It's not rocket science. A simple google search reveals this in a matter of seconds.


And ?? ... how far would they have to be from my house? Plus, I monitor how many devices I have connected on wireless, through the Cisco Connect interface. I guess it's just a matter of one's own personal level of comfort and/or circumstance. Even if someone did get onto my hot spot, they couldn't get into my computer because of other PC security measures I've taken. On the other hand, if someone wanted something bad enough they could get it one way or the other because anything is possible. After all, everything is just 1's and 0's. You're right, it's not rocket science.

Now you're getting me all paranoid and stuff HA !!! I might have to try Ann's suggestion. Stop harshing my calm man


----------



## Ann in Arlington (Oct 27, 2008)

The only reason we have the SSID not broadcast is because we had an old TiVo that wouldn't talk to the network if it had a password.  Now, we have a lot of neighbors with any number of networks available, many of which are not secure (though fewer than a few years ago -- people are getting smarter).  But the TiVo would talk to the network as long as we told it the SSID.

Anyway, we figured that if someone came into the neighborhood -- and, by the way, we're practically at the end of a dead end street and our network doesn't broadcast much beyond the walls of the house -- looking for free WiFi, they'd use one of the open networks first.  The new TiVo is happy to recognize a password, but we left the SSID masked just because.


----------



## waynep (Dec 22, 2009)

hidden_user said:


> And ?? ... how far would they have to be from my house? Plus, I monitor how many devices I have connected on wireless, through the Cisco Connect interface. I guess it's just a matter of one's own personal level of comfort and/or circumstance. Even if someone did get onto my hot spot, they couldn't get into my computer because of other PC security measures I've taken. On the other hand, if someone wanted something bad enough they could get it one way or the other because anything is possible. After all, everything is just 1's and 0's. You're right, it's not rocket science.
> 
> Now you're getting me all paranoid and stuff HA !!! I might have to try Ann's suggestion. Stop harshing my calm man


What I am saying is not broadcasting SSID's does not accomplish any real security. WiFi is pretty much line of sight. With average laptops and routers, a couple houses away in an average neighborhood is about the distance limit. I have a wifi dish antenna that I could use to pick up a signal a lot farther than that. My dad used it in his RV to connect to a marina across a bay once. I think that was about 3/4 of a mile, maybe a mile.

To secure your wireless network, turn on WPA2. WPA2 encrypts the data between devices and your access point (router) in such a way that it cannot be broken by anyone with a PC, at least not in the next several years. It keeps your traffic safe, and keeps people from connecting to your wireless network unless they have the key (password).

A password of 63 random characters like this: t8ETGxbYFOwSaf3WwivIoY0LUPjdcmQ4SPQq23wGxwuTcYGtXCxsOjYFerZkyr9 is overkill. I am going to type that into my Kindle? Please 

An example: A passphrase like "mydoggylovesme" with a few numbers thrown in and odd capitals, "Myd0ggylov3smE" is a real good password. It's hard to guess, not in any dictionaries, and is not too hard to remember. 4 words in that pass phrase and each one in modified only once. Pass phrases are as easy to recall as a single pass"word".


----------



## waynep (Dec 22, 2009)

Ann in Arlington said:


> The only reason we have the SSID not broadcast is because we had an old TiVo that wouldn't talk to the network if it had a password. Now, we have a lot of neighbors with any number of networks available, many of which are not secure (though fewer than a few years ago -- people are getting smarter). But the TiVo would talk to the network as long as we told it the SSID.
> 
> Anyway, we figured that if someone came into the neighborhood -- and, by the way, we're practically at the end of a dead end street and our network doesn't broadcast much beyond the walls of the house -- looking for free WiFi, they'd use one of the open networks first. The new TiVo is happy to recognize a password, but we left the SSID masked just because.


In some circumstances it may make sense to use. If you are surrounded by people with open networks and some kid just wants on any network, then that may work. As long as you understand that hiding the SSID does not in any way secure your wireless network, except maybe from someone looking to easily get on any network, if there are other open networks in range also.

My issue is people think they are really providing some level of security for their wifi networks by not broadcasting the SSID, when in reality, they are not.


----------



## Ann in Arlington (Oct 27, 2008)

waynep said:


> In some circumstances it may make sense to use. If you are surrounded by people with open networks and some kid just wants on any network, then that may work. As long as you understand that hiding the SSID does not in any way secure your wireless network, except maybe from someone looking to easily get on any network, if there are other open networks in range also.
> 
> My issue is people think they are really providing some level of security for their wifi networks by not broadcasting the SSID, when in reality, they are not.


I would argue that hiding the SSID does provide 'some level of security' but it may not be what you feel is sufficient. Fair enough. But I think that this discussion is really not the point of the original post. . . .people will use what level of security they feel is appropriate. . .and, really, it isn't anyone else's business to tell someone it's too much or too little. "Anyone else" can choose a different security scheme. I frankly don't worry or even think about what security measures my neighbors and friends use.

Now, the original question was about whether the Kindle will be able to be connected with a 63 digit key. . . .I think the answer is "it's problematic". But if that's the level of security you want or need, then that's the way you should go. But you may not be able to get the Kindle to connect. Or, you could choose to change your security so that you can connect the Kindle. Either one is o.k.


----------



## Sandpiper (Oct 28, 2008)

HUH?    Me no techie.  So there was no question about it, I got a K3 wifi+3G.  I'm Mac and have an AirPort Extreme router.  No problems getting on it.


----------



## Smirnoff (Dec 28, 2010)

waynep said:


> Try making a smaller WPA2 key. 63 digits is secure, but sure is a pain in the backside. Mine is 9 digits. The goal is to be secure but still easily be able to add devices like the Kindle when you want to. The 63 digit keys, usually totally random, are secure but overkill. Entering 63 digits into a Kindle is sure a pain.
> 
> Not broadcasting the SSID does nothing for security. The easiest way to setup a home wireless network with enough security to keep other people out, is to simply turn on WPA2 using a pass phrase of reasonable length. Something like "Ge0rgew3ntsh0pping". It's fairly easy to remember and use, but still very hard to guess.


I have now changed my friend's security key to a 10 digit alpha-numeric and have connected successfully.

With WPA2 I realise this is still very secure even though his router doesn't have the "overkill" of a 63 digit password/key.

I realise the Kindle is designed to be used "on the hoof" and easy connection to a wifi source is desirable but every other new device I have encountered can handle a 63 digit code.

Manufacturers wouldn't dream of releasing a new product that only had WEP capability, it would be financial suicide.

To have to reduce the security of all other devices linked to your router (whether still highly secure or not) is not the best advertisement for a new product.


----------



## Elk (Oct 4, 2010)

Smirnoff said:


> To have to reduce the security of all other devices linked to your router (whether still highly secure or not) is not the best advertisement for a new product.


An interesting point.

There are enough people paranoid enough to use monstrous pass codes that it makes sense to be able to handle them. This is easier than trying to get people to understand that they do not need such codes.


----------



## tsemple (Apr 27, 2009)

To answer the original question, K3 will accept a 63 character WPA2 key, as mine did. The password field is not wide enough to display markers for 63 characters, but you can keep typing characters to at least a length of 63, and probably longer if you need that. Kindle displays the last character typed in 'clear text' so you can track your typing progress. You should not have to do anything special in terms of port forwarding, etc.

Another way to go would be to enable a 'guest' zone that requires a much less secure password (or no password), but no access to other computers/printers on the local network. Kindle doesn't need the latter unless you have calibre or some other web server set up that you want to access with Kindle.


----------



## Smirnoff (Dec 28, 2010)

Elk said:


> An interesting point.
> 
> There are enough people paranoid enough to use monstrous pass codes that it makes sense to be able to handle them. This is easier than trying to get people to understand that they do not need such codes.


I have read that WPA2 is "uncrackable" - famous last words?

I would think in terms of "hasn't been cracked yet".

The point I wish to make is that if a 63 digit "overkill" code is available, then why NOT use it?

An analogy that comes to mind is: If you had the chance to wear a bullet-proof vest that stops all known bullets or one that stops new bullets under development as well, which one would you choose?

What is classed as "overkill" at the moment may be the minimum requirement in the future.


----------



## Smirnoff (Dec 28, 2010)

tsemple said:


> To answer the original question, K3 will accept a 63 character WPA2 key, as mine did. The password field is not wide enough to display markers for 63 characters, but you can keep typing characters to at least a length of 63, and probably longer if you need that. Kindle displays the last character typed in 'clear text' so you can track your typing progress. You should not have to do anything special in terms of port forwarding, etc.
> 
> Another way to go would be to enable a 'guest' zone that requires a much less secure password (or no password), but no access to other computers/printers on the local network. Kindle doesn't need the latter unless you have calibre or some other web server set up that you want to access with Kindle.


Thanks, at least I now know that should my friend wish to revert to a 63 digit code for his router, Kindle WILL accept it.


----------



## Elk (Oct 4, 2010)

Smirnoff said:


> The point I wish to make is that if a 63 digit "overkill" code is available, then why NOT use it?


You certainly can if you want to put up with the bother. We know the Kindle will handle it as well.

As a practical matter, the algorithm behind WPA2 is astoundingly strong. Unless someone finds a flaw (unlikely given how long it has been out and challenged) it can be broken only by brute force. To use your firearms analogy, this is like someone trying to shoot through the earth with an air gun.

The time estimates necessary for this to occur are mind numbing - in the billions of years.

I don't plan to live that long.


----------



## waynep (Dec 22, 2009)

Smirnoff said:


> The point I wish to make is that if a 63 digit "overkill" code is available, then why NOT use it?


I better preface this with all this is my opinion . . . . and I am not telling you what you need to do, just providing information so you can make your own decision.

For the best security, then yes a 63 bit key is the best you can do. If that's what you feel you need, then use it. The more random the key is the better. Here is a random key generator. https://www.grc.com/passwords.htm

So let's step back a bit. Sometimes I think people lose sight of the real goal, and get caught up in the technology capabilities. What's the goal here? I think the goal is to keep someone from either using your network, or seeing your wireless network traffic. Why? To protect your data. Right? To do that we need encryption and a key. WEP is broken and I don't recommend it at all. It used to be good, but now it's horribly easy to crack with an average laptop. So WPA and WPA2 is what I would recommend. They require a key. WPA2 using a simple single word key like "rock" can be cracked in a short period of time with a laptop. Running through a dictionary is easy so there is a list of bad keys right off the bat. Keys should not be dictionary words.

A secondary goal should be the ability for the network owner to be able to manage the network easily. If we're talking computers, laptops etc, then the 63 bit key is easy. Store it on a USB thumb drive and copy/paste it into place when needed. Now enter the Kindle, Xbox's, and other things where the USB idea is not feasible. You now have to type in that 63 bit key. Try that on an xBox using the on screen keyboard and the controller. Two hours later, I would need a drink! Now imagine a friend comes over with their laptop, you need to give them the key to use your network. After they leave, you would want to change the key which has to be done on all the devices. Again you have to deal with those 63 characters. Why not use a shorter key? Is it less secure? Somewhat . . My key is 9 characters and I'll bet it won't be broken soon. The key to keys, is making them random. The more random the better. The more random the harder to remember. hmmm . . another issue. Remembering the key. "rock" stinks as a key. "r0Ck" is a much better key. Why? It's not in the dictionary for starters and has some random changes that are not obvious. . The first is a set pulled from 26 characters. How long of a key is a good key?

Here is an approximation for the time required to break a WPA2 key, assuming random characters, which means non-dictionary words etc.

| Characters | Years |
| --- | --- |
| 7 | 12.4 |
| 8 | 446.9 |
| 9 | 16,092 |
| 10 | 579,299 |

This is 2005 data so times would be different now since computers are faster, but it still represents a long time. You can imagine if we carried this table out to 20 characters. Even using today's PC instead of 2005's, it would still be a long long time.

So my point is this: Yes 63 bits is secure, very very secure. If you want to use it fine. I just feel like it's overkill and prefer some ease of managing my network. My key is 9 characters. It's 3 words that I have mashed together, made some characters capital, some lower case, and some are replaced with numbers like the "r0Ck" example. It's easy to remember. If someone comes over and I wish to let them on my network, then I can tell them the key, and if I decide to change it later, I can make up with another similar key in the 8-15 character range that I can remember and quickly change all my devices.


----------
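
Added example, not part of any post in this thread: a Python sketch of how a WPA2-Personal passphrase (8 to 63 printable ASCII characters) becomes the 256-bit pre-shared key, and how keyspace size turns into exhaustive-search time. The function names are mine; the 36-symbol alphabet and the rate of about 200 guesses per second are inferred from the ratios in the table above (the post states neither), and the `password` / `IEEE` pair is the test vector published in IEEE 802.11i.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumption: inferred from the table above (each row is ~36x the previous
# one, and 36**7 / 12.4 years works out to roughly 200 guesses per second).
TABLE_ALPHABET = 36
TABLE_GUESSES_PER_SECOND = 200


def validate_passphrase(passphrase: str) -> None:
    """Reject anything outside the WPA2-Personal passphrase rules:
    8 to 63 characters, each printable ASCII (codes 32 to 126)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("passphrase must be printable ASCII")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes).
    The SSID is the salt, so the same passphrase gives a different key on a
    differently named network."""
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a passphrase whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length: int, alphabet_size: int,
                     guesses_per_second: float) -> float:
    """Years needed to try every passphrase of this length (worst case)."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


def search_time_table(lengths, alphabet_size=TABLE_ALPHABET,
                      guesses_per_second=TABLE_GUESSES_PER_SECOND):
    """Rows of (length, entropy in bits, years to exhaust)."""
    return [
        (n, entropy_bits(n, alphabet_size),
         years_to_exhaust(n, alphabet_size, guesses_per_second))
        for n in lengths
    ]


if __name__ == "__main__":
    # Published IEEE 802.11i test vector.
    print("PSK:", derive_psk("password", "IEEE").hex())

    # Constructed 63-character passphrase: the derived key is still 32 bytes,
    # which is why the device only has to accept the text, not store more key.
    print("PSK length for 63 chars:", len(derive_psk("A" * 63, "IEEE")), "bytes")

    for n, bits, years in search_time_table([7, 8, 9, 10, 20]):
        print(f"{n:>2} chars  {bits:6.1f} bits  {years:.3g} years")

    # 63 random characters from a-z, A-Z, 0-9 carry more entropy than the
    # 256-bit key that PBKDF2 outputs.
    print(f"63 alphanumeric chars: {entropy_bits(63, 62):.1f} bits")
```

Each extra random character multiplies the search time by the alphabet size, so changing the assumed guess rate shifts every row by the same constant factor.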



## Smirnoff (Dec 28, 2010)

waynep said:


> This is 2005 data so times would be different now since computers are faster, but it still represents a long time. You can imagine if we carried this table out to 20 characters. Even using today's PC instead of 2005's, it would still be a long long time.


Thanks for a very detailed response.

I can't argue about the fact that a 63 digit key is a pain to enter into a device with no USB copy/paste facility.

Yes, I suppose I am "paranoid" in that I tend to think of "Lies, damned lies and statistics".

As you say, 2005 data may have changed because computers are faster but that is only one factor. The very fact that WPA2 with a 63 digit code is deemed unbreakable will be seen as a challenge to every hacker on the planet.

I tend to agree with you that it will take a very long time to crack and I will probably be long dead by then. So I won't labour the point.

Just can't help thinking of what the original estimate was on how long it would take to crack WEP.


----------



## Elk (Oct 4, 2010)

Smirnoff said:


> The very fact that WPA2 with a 63 digit code is deemed unbreakable will be seen as a challenge to every hacker on the planet.


This has been the case since the early 2000's. It is also subjected to many professional challenges (universities, etc.). There are technical reasons as to why it is so strong.

It is worth keeping in mind that there is nothing sufficiently appealing about any of our personal networks to justify a sustained, concerted attack. A hacker team with multiple supercomputers is not sitting outside your home right now trying to hack your network.

Or are there black helicopters routinely circling your house?


----------



## waynep (Dec 22, 2009)

Smirnoff said:


> Just can't help thinking of what the original estimate was on how long it would take to crack WEP.


It's not that it became computationally easy to crack, they found a flaw in WEP. Until they find a flaw in WPA or WPA2, that's the best we have . . .


----------



## Smirnoff (Dec 28, 2010)

Elk said:


> A hacker team with multiple supercomputers is not sitting outside your home right now trying to hack your network.


I know hackers are not interested in my personal network, I was merely saying that cracking WPA2 is still a challenge.

Have accepted most of the points made in this thread but until I need to connect a device that will not accept a 63 digit code, I will keep the strongest key available.

As regards the unbreakability of WPA2 - never say never.


----------



## Smirnoff (Dec 28, 2010)

waynep said:


> Until they find a flaw in WPA or WPA2, that's the best we have . . .


I rest my case.


----------



## Elk (Oct 4, 2010)

Smirnoff said:


> . . . until I need to connect a device that will not accept a 63 digit code, I will keep the strongest key available.


At times we all do things just because we can. 

There is nothing wrong with using a 20 digit, 30 digit or even 63 digit passcode - as long as one understands it is doing absolutely nothing other than making it more awkward to manage the network.



> > Until they find a flaw in WPA or WPA2, that's the best we have . . .
> 
> 
> I rest my case.


If there is a flaw in WPA it will not matter how long your passcode is. This is another reason to keep it simple.

Digital security systems are hard to wrap one's head around. I suspect because there is no good analog in the physical world.


----------



## palaran (Dec 29, 2010)

Somebody asked earlier whether non alphanumeric characters cause any problem. My WPA key has such characters and I have been able to connect with no problems.

If there were any problems I could of course use any of the 3 open wifi networks I can currently detect in my block of flats. Some very trusting people living here.....


----------



## Elk (Oct 4, 2010)

palaran said:


> Somebody asked earlier whether non alphanumeric characters cause any problem. My WPA key has such characters and I have been able to connect with no problems.


Excellent information. Thanks!

It's unfortunate, and surprising at this late stage, that so many do nothing to secure their networks. This is probably good for the rest of us however; why bother with a secured network when you have an open one to play with?


----------

