
This is a great idea. Moxie Marlinspike is generally someone worth watching. I didn't do the math on his cloud hosting, but he could double the price here and it'd still be worth it.

What this site really says is, "don't use WPA-PSK on sensitive networks."



What should the average home user with a standard Linksys router use?


WPA2 (or WPA-AES) and a 64-character password. It's not like people type in their network password every time they join the network. This is one of the areas where it's not that much of a hassle to use a long password since you normally just type in the password/passphrase when setting up the network connection (and people are possibly used to long, random-character passwords from using WEP keys).


On a side note: Long passwords are generally a good idea.

On websites that support it you can just type in a memorable phrase, with spaces and everything, and it will be more secure than the usual 10 char alphabet soup.

A password I commonly use is:

Length limits on password input fields suck donkey balls.



> Length limits on password input fields suck donkey balls

At one point I was using MD5 hashes for passwords, but I kept running into password limits so I had to stop.


Worry about better things.

Seriously, what's your concern? There's a very low chance that someone will be determined enough to use tools like these to hack into your LAN, and even if he does that, so what?


> There's a very low chance that someone will be determined enough to use tools like these to hack into your LAN

To use your LAN, no... but to use your internet? Imagine someone is determined to get an internet connection already and doesn't care if it's legal or not - he starts looking for information on wireless password hacking and finds that site. Now his choice is between a contract + installation fee + monthly fee -vs- 17$ once.

Why would you care? For example if your country/ISP uses a 3 strikes policy. Or you don't want police asking about that child porn distribution network. Or .... (many reasons)


A 135 million word dictionary still leaves lots and lots of keyspace for choosing an unguessable "non dictionary" password :)


In most companies with in-house applications, access to the wireless network equates in some low number of moves to root access to production servers. Losing your wifi is a big deal.


A long random string for a password.


And change it every so often, just in case.


And a random name for your network.


How does this help?


WPA-PSK uses the name of the network as a salt. There exist rainbow tables for millions of passwords for many of the most used network names.

It doesn't really have to be random, just not something widely in use. In other words, just don't leave it as "linksys", I'm pretty sure that even a 13-char random string doesn't help you then. :)


This helps people in your vicinity have a unique data point when using geolocation technologies that are powered by SSIDs of wifi networks.

Seriously though, I doubt it adds much, even in obscurity.


No. The SSID is used as part of the encryption. Changing it to something very obscure invalidates any precomputed tables and forces a brute force attack.
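Added example, not part of any comment in this thread: the comments above about the network name acting as a salt refer to the WPA/WPA2-PSK passphrase mapping, which is PBKDF2-HMAC-SHA1 with the SSID as salt. The sketch below derives the key and shows that a table precomputed for one SSID has no matching entry under another; the candidate list, the second SSID and the helper names are constructed for illustration.

```python
import hashlib
import string


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Map a WPA/WPA2-PSK passphrase to the 256-bit pairwise master key."""
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # 64 hex digits are taken as the raw 256-bit key; no SSID salt is involved.
    if len(passphrase) == 64 and all(c in string.hexdigits for c in passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    # PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32
    )


def precompute(ssid, candidates):
    """Build a key -> passphrase table; it is only valid for this one SSID."""
    return {wpa_pmk(p, ssid): p for p in candidates}


def lookup(table, passphrase, ssid):
    """Return the table's passphrase for this network's key, or None on a miss."""
    return table.get(wpa_pmk(passphrase, ssid))


# Constructed sample data: a tiny stand-in for a table built against a default SSID.
CANDIDATES = ["sunshine2010", "letmein123", "password"]
TABLE_FOR_DEFAULT_SSID = precompute("linksys", CANDIDATES)

if __name__ == "__main__":
    for ssid in ("linksys", "maple-attic-7391"):  # second SSID is constructed
        hit = lookup(TABLE_FOR_DEFAULT_SSID, "sunshine2010", ssid)
        print(f"{ssid!r}: table lookup -> {hit!r}")
```

The same weak passphrase is found under the default SSID and missed under the uncommon one, so the uncommon name only removes the precomputation shortcut; the passphrase still has to resist a direct guess.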


I always assumed that wifi-aided geolocation used the MAC address of the router.



