DNSQueries.com - network tools made easy

Adding AES: DQ Tools Encrypter

Hello, DNSQueries.

Thank you for your helpful Firefox toolbar and the other services that DNSQueries offers.

I have just started using the toolbar (and need to post a positive review on Mozilla's add-ons site for Firefox and Thunderbird): Today I noticed the 'Encrypter' section of the 'DS Tools' section of your site: I have a rather large W/LAN, mainly because of dedicated Linux servers and test servers (and am using a Debian GNU/Linux 5.03 server heavily now to test a VPS for a client who must be HIPAA-compliant and, for instance, needs "end-to-end" security for health-care providers to upload digital sound files, which are dictated medical transcripts, to their SFTP accounts -- plus, I've known the CEO of the hosting service for 20 years and very politely let him know that I loathe Parallels' Plesk "control panel," which is always "bug-laden" and, because Google -- which is becoming the "Microsoft of the Web" and knows more about people than they realize -- acquired Postini after the hosting service had implemented it, I asked if I could install and configure Postfix, with Spamassassin, as the MTA for my client, rather than using Postini -- and that I would "clean up my own messes" and certainly did not expect support for any non-default software; neither Plesk nor Postini was installed on the VPS and I am humbled by the trust placed in me: I can set up Webmin, including writing my own modules in Perl, or I can access the Debian VPS via the Bash script and an SSH connection).

I have one router on my LAN that has two 802.11n internal antennas, and a notebook computer running 64-bit Debian Linux 5. I've always used WPA2-PSK/AES-256 to secure wireless connections, and Linux supports WPA2 Personal and Enterprise (although it seems counterproductive to set up a FreeRADIUS server so that one notebook can use an SSL certification for authentication).

My first router was a consumer-grade product and $270 (on sale). It lasted eight years and I had to reset it once after a power outage of several hours (and I had no UPS back then). When that router finally "died" and I had to replace it, I soon learned that consumer-grade (wired and/or wired/wireless) routers are inexpensive and that customers get less than what they pay for (i.e., inexpensive parts in plastic cases with most home-grade routers failing shortly after the one-year warranty).

I gave Linksys three chances but two failed within three months and the third one was DOA when I installed it. After going through two disposable D-Link routers and my first wireless router, a $130 Netgear that was my first one with wireless support (and failed three months after the warranty ended), I bought a Linksys dual-band wired/wireless router three days ago -- and Cisco's acquisition of Linksys merely raised false hopes -- and, because I configure routers manually, I was very happy that the PDF manual was a large file, until I viewed said manual and learned that the PDF file has documentation in about fifteen languages and that the manual for each language is just over two pages, respectively.

I was having to reset my Motorola SURFboard cable modem at least once a day (and the now-defunct Netgear router more often), so I upgraded to a DOCSIS 3.0 cable modem made by an unknown company in China, with no documentation, but the only DOCSIS 3.0 modem that my broadband carrier supports.

I have spent three days, on and off, trying to configure the Linksys router, but it has "paperweight" status and I suspect I will end up returning it. The router is simple to set up, but my Linux and Mac Pro computers (nor a relative's new iMac running Mac OS X 10.6.2 ("Snow Leopard") and Windows 7 Professional (via Parallels Desktop 5 for the Mac)) can access the router (even via the 'ping' command), let alone the cable modem and Internet. Plus, despite the fact that my passphrase for 256-bit AES encryption for WPA2-PSK is exactly 63 characters long (the maximum allowed), the router's Web interface rejects the passphrase as "too long" until I delete two characters -- which is perturbing and disconcerting.

The strongest encryption supported by DNSQueries' helpful 'Encrypter' DS Tools page is DES, which has been deprecated. I was going to try to create an AES-256 shared key of 63 characters (at least until/if I can use Wireshark to ensure that the router is actually providing the encryption it should). I also face the simple fact that a 63-character ASCII string converted to hexadecimal (which the manufacturers of wireless routers recommend) is 124 characters long and far from easy to remember.

Would DNSQueries consider adding AES (256-bit) encryption as an option to your 'Encrypter' page? I am grateful that you offer ASCII-hexadecimal-ASCII encryption, DES, and the other features, but AES-256 is the standard for wireless/802.11g/n routers using WPA2-PSK (and WEP can be decrypted by any "script kiddie" with no knowledge of cryptography and a GUI-based tool; plus, when I first got the Netgear router in August 2008 and searched YouTube for a video on "hardening" WPA2, I got no "hits," although I got over sixty results on how to crack WPA2). (Perhaps building a "headless" mini-ITX- or Beagle-Board-based Linux server in a small enclosure -- solely to run FreeRADIUS -- is not such a bad idea.)

Thank you very much, DNSQueries, for your patience (and I realize this request is long and rambling), time, consideration, and help!


Cordially,

David

David @ 2010-01-20 23:08:56
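
Added example (not part of the original post and not DNSQueries' code): how a WPA2-PSK secret is interpreted under IEEE 802.11i, which is the background to the passphrase-length and hexadecimal-key points raised in the post above. A secret of 8 to 63 printable ASCII characters is a passphrase that is stretched with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt) into a 256-bit key; a secret of exactly 64 hexadecimal digits is taken as that 256-bit key directly. The function names are hypothetical, and the sample secrets are constructed.

```python
import hashlib
import string

# Characters allowed in a WPA2 passphrase: printable ASCII 0x20-0x7E.
_PRINTABLE = {chr(c) for c in range(0x20, 0x7F)}


def classify_wpa2_secret(secret: str) -> str:
    """Return 'hex-psk' or 'passphrase'; raise ValueError if neither fits."""
    if len(secret) == 64 and all(c in string.hexdigits for c in secret):
        return "hex-psk"          # raw 256-bit key written as 64 hex digits
    if 8 <= len(secret) <= 63 and all(c in _PRINTABLE for c in secret):
        return "passphrase"       # human-chosen string, stretched below
    raise ValueError(
        "WPA2-PSK secret must be 8-63 printable ASCII characters "
        "or exactly 64 hexadecimal digits (got length %d)" % len(secret)
    )


def wpa2_psk(secret: str, ssid: str) -> bytes:
    """Return the 32-byte pre-shared key the access point and client use."""
    if classify_wpa2_secret(secret) == "hex-psk":
        return bytes.fromhex(secret)
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1-32 bytes")
    # PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output (IEEE 802.11i).
    return hashlib.pbkdf2_hmac("sha1", secret.encode("ascii"), salt, 4096, 32)


if __name__ == "__main__":
    # Constructed inputs: a maximum-length passphrase and a sample SSID.
    longest = "correct horse battery staple " * 2 + "12345"
    print(len(longest), classify_wpa2_secret(longest))
    key = wpa2_psk(longest, "example-ssid")
    print(len(key) * 8, "bit key:", key.hex())
    # The same key can be entered on another device as 64 hex digits.
    print(wpa2_psk(key.hex(), "ignored-for-hex") == key)
```

Because the SSID is the salt, the same passphrase yields a different key on a network with a different name, and a full 63-character passphrase is within the specification.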

RE: Adding AES: DQ Tools Encrypter

Dear David,

We are always happy when a user gives us feedback on our tools.

Your request has been seriously taken into consideration. Stay tuned!
Regards

The DNSQueries DevTeam @ 2010-01-23 19:44:04
