Talk:Wi-Fi Protected Setup

"Broken" standard

"Wi-Fi Protected Setup (WPS; originally Wi-Fi Simple Config) is a broken network security standard"

Should "broken" be cited? I initially thought this was vandalism until I read the rest of the article. — Preceding unsigned comment added by 71.38.141.153 (talk) 21:41, 27 December 2013 (UTC)

Who knows what it means? Poor writing. It's certainly a vague term that could be clarified by a few words. — Preceding unsigned comment added by 71.138.23.59 (talk) 05:02, 18 February 2014 (UTC)

STA

The acronym STA is mentioned a few times, but there is no definition or link. — Preceding unsigned comment added by 173.76.245.58 (talk) 16:36, 29 December 2011 (UTC)

Fixed. --Dfred (talk) 15:20, 2 January 2012 (UTC)

Out-of-band

It says here: "The last two models are usually referred as Out-of-band methods as there is a transfer of information by another channel than the Wi-Fi channel itself."

But PIN (method 1) also involves transfer of information other than via the Wi-Fi channel; in this case the operators brain and fingers. Why is that not out-of-band? 193.113.48.7 (talk) 14:30, 3 November 2009 (UTC)

While it is true the PIN is carried out-of-band, I suspect for the method to be considered truly out-of-band no part of the transaction can take place in-band. As can be seen in the description of the PIN method, most of it is conducted using the wifi channel itself. As noted in the article, it would be good to have better references for these descriptions of the protocol. --Dfred (talk) 15:32, 2 January 2012 (UTC)

Google search

Searching Google for WPS gives this article as the first result, but in the text it gives this:

"Wi-Fi Protected Setup (WPS; Witun Pieni Siitin Wi-Fi Simple Config) is a computing standard for easy and secure establishment of a wireless home network. ..."

'Vitun pieni siitin' means damn small penis in finnish. It seems like a Google problem, but i was wondering how to approach that? Something should absolutely be done about this.

SecureEasySetup

There was an article for SecureEasySetup that was unrelated to this one and that sounded like marketing from one of the vendors. So, I created a redirect to this page from that one with a note that it's another term for the same technology. Hope this helps people get unbiased information. I stumbled upon this myself when researching SES upon finding the option buried in my router's setup page and not being sure if that was or wasn't WPS. *sigh*. 67.255.2.68 (talk) 06:49, 11 January 2012 (UTC)

I have rolled-back the attempted redirect for now. That article definitely has issues, but I think more information is needed about the origins of SES and how exactly it relates to WPS before it is redirected here. I would also like to find some solid references about whether SES (notably on Cisco/Linksys devices) really does mean WPS. And even if SES does mean WPS now, given SES apparently predates the WPS standard it seems entirely possible that it was not always this way. (And just as an aside, I cannot understand why some vendors are allowed to use their own non-standard names for WPS. Why would compliance certification not mandate the use of proper terminology?) --Dfred (talk) 20:44, 12 January 2012 (UTC)

Irrelevant 'twit.tv' links removed.

Security Now, episode 335^[1], which is a podcast hosted by the Twit Network, has went into an in depth discussion on what this vulnerability is. He talks about the PIN numbers and hashing. It talks about how this is possible and why simple is never better!

Content is not really relevant to the article, and seems to be promoting the twit.tv, more than providing encyclopedic information. I've left the copy here in case anyone can justify this being there. 49.196.198.88 (talk) 13:25, 16 January 2012 (UTC)

References

1. http://twit.tv/show/security-now/335

WCN is Windows implementation of WPS

Introduction part of 17:31, 25 February 2012‎

states that

Prior to the standard, several competing solutions were developed by different vendors to address the same need, including Broadcom's SecureEasySetup, Buffalo's AOSS, Atheros' JumpStart, Intel's Smart Wireless Technology, and Microsoft's Windows Connect Now.[2]

However it is implementation of WPS rather than alternative technology: About Windows Connect Now

Windows Connect Now (WCN) provides a simple and secure mechanism for network access points and devices (like printers, camera, and PCs) to connect and exchange settings. This API is the Microsoft implementation of the Wi-Fi Protected Setup (WPS)/Wi-Fi Simple Configuration (WSC) protocol, which was created by the Wi-Fi Alliance as a solution for home networking and small businesses. This technology is not intended for enterprise scenarios.

Note The specification name changed between version 1.0h and version 2. The version 1.0h specification was named Wi-Fi Protected Setup (WPS). Starting with version 2 specification, the specification is named Wi-Fi Simple Configuration (WSC). In our documentation, the terms WPS and WSC are used interchangeably unless noted.

Windows Connect Now enables applications to search for WCN-capable devices using the Function Discovery API. The scope of a search can be narrowed down to a specific SSID, state, category, or even broadened to include all WCN-capable devices. Once devices are located, the WCN API allows communication with the WCN-capable device in order to facilitate configuration or connectivity.

"Representant"?

What is a representant of a network? I have never heard about that before. Is it offical WiFi Alliance terminology? Can we make a link to an article explaining the term/concept? What is it if it is not the AP?

Probably the author meant "registrar". Registrar is explained in the article. Regards, PeterEasthope (talk) 16:48, 15 January 2017 (UTC)

And how is the pin entered into the AP? I assume that must be done via a computer (telnet or webinterface) but how is that easier for a user to do than to just to enter the passphrase on the connecting device? It does not sound like usability to me, and I suspect that it is all about smth else.

176.235.242.216 (talk) 10:28, 10 March 2012 (UTC)

A device can have display and data entry capabilities built in but that is unusual. Commonly the pin is entered via an HTTP/HTML based administrative interface. The pin method is explained in the article and the explanation needs improvement. Both registrar and enrollee need to have the pin. ... PeterEasthope (talk) 16:48, 15 January 2017 (UTC)

Idiots defining standards

the registrar reports the validity of the first and second halves of the PIN separately

Dude. You don't even need a cryptography degree, anyone with a TENTH of a brain will IMMEDIATELY recognize that this basically eliminates the PIN entirely.

Are the idiots already in the top positions at tech firms? — Preceding unsigned comment added by 82.139.196.68 (talk) 20:07, 28 April 2012 (UTC)

I suspect this and other moronic vulnerabities in commercial products of a similar flavour may be deliberately introduced to facilitate quick techical intervention by certified technicians (who are in the know), such as rescuing a user who has inadvertently messed with the config and locked himself out of the device. Many years ago there used to be 'master keys' supposedly known only to techs, but that fast turned into an all-out abuse fest. These dumb vulnerabilities may at least be not so conspicuous. In the end, probably, abuse will be commonplace as soon as reliable and simple to use exploit tools become available. The manufacturers simply expect to make $$$ in the meantime by marketing a 'user-friendly', supposedly secure feature. — Preceding unsigned comment added by 85.244.11.201 (talk) 00:16, 29 August 2012 (UTC)

Too technical

This article is utterly useless to anyone who is not already an expert. — Preceding unsigned comment added by 184.147.122.14 (talk) 00:31, 17 March 2014 (UTC)

WPS button

Today I set up a wireless device - at one point it said to press the WPS button on the wireless router within the next two minutes. I did that and it connected, without having to enter the password. Is that a function of the WPS button (to connect w/o a password)? If so, that could be in the article. Bubba73 ^{You talkin' to me?} 03:55, 7 March 2015 (UTC)

"A major security flaw ..."

The sentence beginning "A major security flaw ..." is awkward. Any objections to revising the paragraph as follows?

A major security flaw exploiting WPS was revealed in December 2011. With a brute-force effort of a few hours, an attacker at a remote location can recover the WPS PIN and then the WPA/WPA2 pre-shared key. Most recent models have WPS enabled by default. Users have been urged to disable WPS when possible.

Regards, ... PeterEasthope (talk) 15:32, 15 January 2017 (UTC)

References

multiple usb universal port

its in my hardware drive that was cause of problem — Preceding unsigned comment added by 49.147.33.51 (talk) 08:00, 18 June 2019 (UTC)

WPS should extremely rarely if ever be used, it exposes your network for a manually determined duration of time. Your grammar is tough to follow, what were you trying to do, or what did you fix? I think people would be interested in learning your solution. Cheers. From Peter. Vid2vid (talk) 19:30, 18 June 2019 (UTC)