# WPA[2] support in Tivo? How can we make them?



## jiism

Hi All,

From my research on forums here, it seems that Tivo Series 2 units just don't support WPA or WPA2 (pathetic!). Most of the Linux vendors have support for it.

I just purchased Linksys WRT54G 802.11G router and it supports both of these protocols. Unfortunately, I am able to make Tivo go through my network only if I set security settings to WEP 

That means, I have to downgrade the security of my home network evenif my router supports better encryption protocol. This poses risks to my home network. The cracking WEP is easy and free tools are also available on web to this.

Has anyone able to secure their home network better [than WEP] and make Tivo work at the same time?

Is there any place (Tivo engineering team email,etc.) I/we can express this concern to Tivo? There seems to be a lot of people facing this same problem. How can we push Tivo to implement this critical feature?

I called Tivo support and they said that they would look into it. I was further bit disappointed to note that they did not have any bug # or feature request # to give me so that I can track this request in future. Most of the [software] companies track such bugs/RIFE in their database and provide customers tracking id to make it easy to track such issues.

oh well, I just wanted to let my frustration out and see how others feel.

Regards,
jiism


----------



## NoCleverUsername

You can submit suggestions directly to TiVo here: http://research.tivo.com/suggestions/

I don't know if you'll get any kind of tracking number. I've never submitted anything.


----------



## jiism

Thanks. I've submitted the request. Maybe, others who need WPA[2] support will do the same. Influence by mass.


----------



## megazone

It isn't likely to make any difference. TiVo knows about it and is aware of the demand. There has been speculation over the ability of the Tivo HW to handle 802.11i/WPA2 as a possible issue. *shrug*


----------



## HotStuff2

jiism said:


> From my research on forums here, it seems that Tivo Series 2 units just don't support WPA or WPA2 (pathetic!).


That's well-known.



jiism said:


> Most of the Linux vendors have support for it.


And your point is...?



jiism said:


> That means, I have to downgrade the security of my home network evenif my router supports better encryption protocol. This poses risks to my home network. The cracking WEP is easy and free tools are also available on web to this.


No it doesn't. Set up another router as an AP, set to WEP, disable DHCP, set the TiVo to a static IP that connects to the WEP AP, and set the WEP AP's gateway to the WPA router's address. Bada bing, bada boom, you're done. I use two Netgear routers for this (one WGR614v1 as WEP, one WGR614v4 as WPA. After price-matches and rebates, I made $ on both purchases.)



jiism said:


> Has anyone able to secure their home network better [than WEP] and make Tivo work at the same time?


Yep. See the above answer.



jiism said:


> Is there any place (Tivo engineering team email,etc.) I/we can express this concern to Tivo? There seems to be a lot of people facing this same problem. How can we push Tivo to implement this critical feature?


It's not "critical". YOU (and others) think it's "critical" because you don't know better and you want it because you think you need it (you don't.) Frankly, content transferred from or to the TiVo isn't important, and doesn't need to be encrypted. Ergo, WPA isn't required. Implementing it would incur higher overhead, more training, extra costs, rewriting code, retesting equipment to make sure it doesn't break anything and still works, etc. Don't want to use WEP? Don't use wireless, run a CAT5 cable to the TiVo from the router. Or use two routers like I described above. But remember, it took a good couple of years to just get 802.11*g*.



jiism said:


> I called Tivo support and they said that they would look into it. I was further bit disappointed to note that they did not have any bug # or feature request # to give me so that I can track this request in future. Most of the [software] companies track such bugs/RIFE in their database and provide customers tracking id to make it easy to track such issues.


Probably because you're like the 40,000 person to call and ask about this. No need to track a bug or feature request that just isn't going to happen anytime soon. If ever.



jiism said:


> ...Maybe, others who need WPA[2] support will do the same.


You don't "need" it. You WANT it. Does your TiVo work with WEP? Yes. You don't want to downgrade your network to WEP? Key word in that sentence is WANT. Not need.



jiism said:


> Influence by mass.


Uh, no. That would imply that if you (or others) don't get what you want, you'll either a.) leave for a competitor, or b.) leave and do without. Option A isn't going to happen (who is their competitor again?) And B is highly unlikely.


----------



## SethA

HotStuff2 said:


> Implementing it would incur higher overhead,


Ummm. No. Maybe you want to retract this statement or clarify that you are talking about WPA*2*, not WPA. You see, WPA uses RC4 just like WEP. The major difference is that the holes regarding weak IVs and lack of key rotation are resolved in WPA. Existing devices support this in hardware with newer *drivers*. There is no overhead added to the Tivo by WPA. Maybe you should do some research before you make patently silly remarks like the above.



HotStuff2 said:


> more training,


Who will need to be trained???



HotStuff2 said:


> extra costs, rewriting code,


How about simply using the drivers that have already been written for the devices themselves by the *manufacturers*?



HotStuff2 said:


> retesting equipment to make sure it doesn't break anything and still works, etc.


To someone that doesn't work in the high-tech industry, this may seem like a plausible point. However, unless quality isn't important to Tivo, they probably go through all the test cases for each software release anyway. We do. Testing WPA adds marginal testing to the overall plan. Certainly less than adding new certified NICs.

There is very little risk to Tivo that WPA would "break other things." No more than WPA on the adapter in your Laptop might "break" MS Word or the OS itself. If



HotStuff2 said:


> You don't "need" it. You WANT it. Does your TiVo work with WEP? Yes. You don't want to downgrade your network to WEP? Key word in that sentence is WANT. Not need.


Ummm, you don't NEED a Tivo either. You WANT it because it saves time and convenience, etc. Please don't resort to pedantic little replies like this. It makes you look silly. Besides, you should consult a dictionary sometime regarding the definition of the word "want"....

And yes, I don't WANT a second AP, I don't WANT to run cabling in my house, nor do I NEED a second AP or NEED to run cabling in my house, if Tivo would support WPA....


----------



## HotStuff2

SethA said:


> Ummm. No. Maybe you want to retract this statement or clarify that you are talking about WPA*2*, not WPA. You see, WPA uses RC4 just like WEP. The major difference is that the holes regarding weak IVs and lack of key rotation are resolved in WPA. Existing devices support this in hardware with newer *drivers*. There is no overhead added to the Tivo by WPA. Maybe you should do some research before you make patently silly remarks like the above.


Perhaps you should stop trying to assume you know what someone is referring to. I was speaking of overhead for the COMPANY, not the TiVo unit. Overhead as in engineers, testers, support, etc.



SethA said:


> Who will need to be trained???


Technical support, for one.  They have enough trouble with WEP as it is.



SethA said:


> How about simply using the drivers that have already been written for the devices themselves by the *manufacturers*?


Yes, because we see SO many other drivers written by manufacturers in use on the TiVo. Oh, wait - no we don't.



SethA said:


> To someone that doesn't work in the high-tech industry, this may seem like a plausible point. However, unless quality isn't important to Tivo, they probably go through all the test cases for each software release anyway. We do. Testing WPA adds marginal testing to the overall plan. Certainly less than adding new certified NICs.


I can tell when someone hasn't worked in QA or testing (I have.) You, obviously, haven't. And therefore, you don't understand how a "simple request to add one thing" is actually a huge undertaking. If it were "simple to do", it would be done already. Or perhaps you think TiVo has some huge conspiracy against WPA...?



SethA said:


> There is very little risk to Tivo that WPA would "break other things." No more than WPA on the adapter in your Laptop might "break" MS Word or the OS itself. If


I guess you've never installed a new piece of hardware (and it's drivers) and gotten a BSOD, eh? Of course not. All your stuff work just fine.



SethA said:


> And yes, I don't WANT a second AP, I don't WANT to run cabling in my house, nor do I NEED a second AP or NEED to run cabling in my house, if Tivo would support WPA....


The last sentence is the most important. It's an inconvenience to YOU. Either deal with it, or find a way around it. I gave but one example. WPA isn't something TiVo needs. And probably won't be supporting anytime in the near future.


----------



## SethA

HotStuff2 said:


> Perhaps you should stop trying to assume you know what someone is referring to. I was speaking of overhead for the COMPANY, not the TiVo unit. Overhead as in engineers, testers, support, etc..


Perhaps you should do a better job of CLARIFYING what you are talking about in the first place instead of leaving people to assume things from patently silly statements about WPA incurring overhead....



HotStuff2 said:


> Technical support, for one.  They have enough trouble with WEP as it is..


Well, if they were [adequately] trained in 802.11, then there is very little training to learn what is necessary to tshoot something like WPA-PSK. And you should probably know this already, but I'm sure you don't given your past statements about WPA...



HotStuff2 said:


> Yes, because we see SO many other drivers written by manufacturers in use on the TiVo. Oh, wait - no we don't.


So you are saying that Tivo wrote the driver for my current 802.11b NIC?? And you would know this becaauuuse??



HotStuff2 said:


> I can tell when someone hasn't worked in QA or testing (I have.) You, obviously, haven't.


Maybe you should rethink your claim to being able to tell when someone has worked in QA testing.... Your track record doesn't appear to be too good ;-)



HotStuff2 said:


> And therefore, you don't understand how a "simple request to add one thing" is actually a huge undertaking. If it were "simple to do", it would be done already. Or perhaps you think TiVo has some huge conspiracy against WPA...?


That is pedantic, and you know it. The strawman you are trying to construct is that either Tivo should have already done everything that is easy, and if they haven't done it, then it must not be easy but a conspiracy. Puhlease. Try this again and I'll provide a link to a nice junior college in your area that is providing a logic 101 course.

The reality is that test plans are executed for every release, the entire plan. They don't take each feature and regression test in isolation, such that a software release with 5 features has five full regression tests. No, that isn't how it works and you know it. Yes any feature adds to the test plan. But no, one feature by itself doesn't create a huge undertaking, UNLESS you try to argue that the software release was driven by and only contains that one feature. We add features all the time. Some are major undertakings. Others are not. Some of the really minor ones get slipped into patches (not that I am saying WPA is THAT minor). But just because we choose not to undertake a minor one doesn't mean it isn't minor. Surely you know this, but maybe not...



HotStuff2 said:


> I guess you've never installed a new piece of hardware (and it's drivers) and gotten a BSOD, eh? Of course not. All your stuff work just fine.


 Uh, on Windows.... And that is slightly more complicated scenario since MS has no control over what hardware you are running the OS and driver on.... Maybe a few more permutations to deal with, I think you will admit 



HotStuff2 said:


> The last sentence is the most important. It's an inconvenience to YOU. Either deal with it, or find a way around it. I gave but one example. WPA isn't something TiVo needs. And probably won't be supporting anytime in the near future.


Yes, just like not having a Tivo is an INCONVENIENCE to YOU. I already made that point but I guess you still don't realize that Tivo is not a necessity of life... Yes, we all love our Tivo's, but if we are honest a bit here, no single feature that Tivo is working on, now or EVER, will be a NEED or a WANT. No one is in poverty without the unit or any of its features. Please quit trying to make this about some arbitrary definition you have contrived concerning wants and needs. Ok? Or at least clearly state for the record that you are saying your Tivo is a NEED of yours in your life....


----------



## gonzotek

There are not that many Linux 802.11g/WPA drivers available, in source code form, with an unrestricitive license that would allow TiVo to include them in the distributed software. Vendors that provide binary, closed-source Linux drivers don't do a thing to help TiVo, as the processor and other hardware in the TiVo box is generally incompatible with them.

Another option is to purchase a wireless bridge device (e.g. the devices sold as Wireless Game Adapters for PS2 and XBox). For use with a TiVo, these would plug into a wired usb-ethernet adapter and would provide you with a secure, wpa-enabled wireless connection.


----------



## HotStuff2

I'm not going to bother arguing with you, because you seem to think you're right.  gonzotek, who posted right below you, sums it up nicely.

I will, however, comment on this:



SethA said:


> Yes, just like not having a Tivo is an INCONVENIENCE to YOU.


Not really...not anymore. Since I got a 50" plasma HDTV, I've taken to downloading HDTV wide-screen shows and playing them on my modded Xbox. I've watched my modded Xbox more in the last 2 weeks than I've watched my TiVo since November 5 (when I got the 50" plasma HDTV.)

TiVo - the SD one I have now - is pretty much relegated to the "let it record stuff, and if I haven't downloaded anything I want to watch, I'll see what's on it" category. Until TiVo releases the HD CC TiVo unit, that's the way it'll probably stay. It was great when I had my 36" CRT...but now I'm spoiled on HD and wide-screen, neither of which TiVo (non-DirectTV, because I'm not going there) has at the moment.


----------



## SethA

HotStuff2 said:


> I'm not going to bother arguing with you, because you seem to think you're right.  gonzotek, who posted right below you, sums it up nicely.


Welp, that is a nice way of conceding, because on the above issues, I AM right. But that is ok, it IS pretty obvious, and I'll let you attempt to save some face on this.

*Gonzotek* maybe correct. I haven't spent enough time looking in enough detail for Linux drivers, their licensing requirements and/or binary/source status. I know that drivers exist. I was not aware that most of them had restricted licensing or that few were in source code form. But this is an entirely different point than any you had made, concerning overhead, blah blah blah, yada yada yada, drool. So don't try to lay claim to his post being a nice summary of your argument. That's not gonna fly.

I also don't take the statement that "there aren't many" to be the same thing as "there aren't any."



HotStuff2 said:


> I will, however, comment on this: <not having a Tivo is an INCONVENIENCE to YOU>
> Not really...not anymore.....(dribble)


Oh master of the artful dodge, you still haven't addressed the question. I'll ask you one more time. Hopefully you will either a) answer honestly and admit this was a silly and pedantic point to make in the first place or b) drop it while you still can save a little face.

TV, Tivo, XBox, or whatever, are all of what you would consider "needs" as opposed to "wants"? For the literacy inclined, consult these two links:
w3x (dot) m-w (dot) com (slash) dictionary (slash) need
w3x (dot) m-w (dot) com (slash) dictionary (slash) want
(this board won't let me link to the online Merriam Webster dictionary without me having to get creative...)

And since you consider something frivolous like sitting on your butt and watching TV with a bag of chips in your lap to be a "need" you somehow think that WPA has any less "need" status than your "need" for gorging on visual stimuli. Is that correct?

I just want to hear you say it ;-)

Lastly, what you still seem incapable of grasping is that almost any feature you might classify as some big important need, also has a workaround. That is not the point, nor a suitable reply. You want an actor wishlist?? Well, you can google the actor, then search the program guide every two weeks for the results of your google.... You want a season pass?? Well, how about consulting a TV guide and setting up the time yourself.... You want a configurable live TV buffer?? Well, hack your Tivo and set it yourself.... What some of us want is WPA so we don't have to buy hardware other than what we already have. Very simple. And really any NIC capable of WEP is also capable of WPA, i.e. almost every 802.11 device people are using are capable of doing what is being asked.

I appreciate the spirit in which Gonzotek replied, i.e. he doesn't appear to be suggesting that the existence of a workaround invalidates the need/desire/want/<blah blah blah> for the capability.

Want to go around this merry-go-round one more time??


----------



## fdbryant3

It is a shame that TiVo won't support WPA. In my opinion we need to continue hammering them they do.

As far as securing things you might consider checking out Hamachi. It is a free program that allows you to set up a free secure VPN between your computers.

You could use WEP for lock on the door security. Use Hamachi though to further secure your network just in case if someone cracks through that (I would say that the odds of this actually happening are probably low) at least they would not be able to see what you are doing. With a software firewall I think it will give you about as secure a network as your going to get without WPA.

There are of course more ways to further imperfect ways to harden your network (static ips, mac access lists, and hiding the SSID).

Personally I'd rather have WPA and too the effect at this point the dual router is proably the best solution. If you understandably do not want to spend the money on a second router though Hamachi is probably your easiest best bet.


----------



## xStainDx

The point about TiVo needing WPA is not a WANT because the fact is you can't easily run two types of encryption on a home network with 1 router. You can't run WEP and WPA at the same time via the same router, oh and if you can fill me in, cuz AFAIK you can't.

What is comes down to is that TiVo is the only device left of mine that doesn't run WPA. I don't really give a crap about what tivo transfers, my videos are not needed to be secure I really could care less, but the fact is to run TiVo in some type of security it inflicts a security hole in the rest of my network, which is something I choose to not do.

The Need for TiVo to have WPA for me is to complete a safe home network. TiVo's lack of support is an inconvience to the rest of my protected WPA network. So until TiVo understands that its not just about itself I personally will keep using a wired connection for my TiVo box.


----------



## lcatania

HotStuff2 said:


> No it doesn't. Set up another router as an AP, set to WEP, disable DHCP, set the TiVo to a static IP that connects to the WEP AP, and set the WEP AP's gateway to the WPA router's address. Bada bing, bada boom, you're done. I use two Netgear routers for this (one WGR614v1 as WEP, one WGR614v4 as WPA. After price-matches and rebates, I made $ on both purchases.)


So does this mean I don't need a wreless USB adapter. I can just connect a 2nd router directly to my Tivo Box via an ethernet cable to the wired port on my tivo and then have that router connect to my main router by setting its gateway to it? I don't have to connect the AP to a modem? ANd any router can act as an AP. I don;t have to buy a special router that is called an AP?


----------



## HotStuff2

lcatania said:


> So does this mean I don't need a wreless USB adapter. I can just connect a 2nd router directly to my Tivo Box via an ethernet cable to the wired port on my tivo and then have that router connect to my main router by setting its gateway to it? I don't have to connect the AP to a modem? ANd any router can act as an AP. I don;t have to buy a special router that is called an AP?


Yes and no. Just about any router can be an AP (Access Point), but to do what you want, you need a rotuer that can act as a bridge. Those tend to be a bit more expensive. I just picked up the ZyXEL P-330W 802.11b/g WPA2 WAP/router/bridge $19.99 at CompUSA two weeks ago (it's back to regular price now), which fits the bill.


----------

