Forum

I all
I am having a dispute with our WLAN equipment supplier. I wonder if SSID and allowed, with specials characters like "&% _-" ?

The specification allows for up to 32 8-bit characters of any kind.

However most utilities that I have seen don't give you the ability to enter any of the non printing ascii characters.

I have seen them them in packet captures though, and on netstumber, and InSSIDer displays.

I would be careful deploying this. I would test with all of your supplicants/drivers to make sure they don't freak out with the special characters.

I've both seen and used SSIDs with special characters. Agree with Chad about validation.

I have a large system with one SSID using a special character. However, I ensured that the end user device was capable of utilizing that character before I deployed it.

ASCII 8-bit characters ([url=http://www.asciitable.com/]http://www.asciitable.com/[/url])can be roughly split in [b]two[/b] groups, each with a few "sections":

Group 1 from 0 to 127: This one is common to all "codepages".
First 32 are control or non-printing/printable chars, next comes space (0x20), then the 15 punctuation chars, then 10 numbers from 0 to 9, then @ (0x40), then uppercase letters, then some more punctuation, then the lowercase letters, some more punctuation again and finally DEL char, which is non-printable too.
Group 2 from 128 to 255, [b]Extended codes[/b]: this one varies depending on the codepage.

Using extended codes on SSIDs can be a [b]real mess[/b], unless you are 100 sure both the PC you configure the wireless system AND the wireless clients use the same table.
Imagine you want use letter ? (pretty common in my country, "Espa?a"). You configure the AP using your spanish PC, which uses codepage 850. In this ([url=http://www.ascii.ca/cp850.htm]codepage 850[/url]), binary code for ? is 0xA5 (or 165 dec). You type a ?, [i]you see the ?[/i]... [b]a 0xA5 is saved[/b].
However, your client is using ISO-8859-1 table instead ([url=http://en.wikipedia.org/wiki/ISO/IEC_8859-1]8859-1[/url]). You type a ?, [i]you see the ?[/i]... [b]a 0xD1 is saved[/b] !!!

So -in principle- never use Extended chars, nor Control (non-printable) chars. This leaves you 94 chars to play with!

However, there could be issues even using those "safe" ones, depending on the very implementation of both AP's and/or client's software.

I would simply use letters, numbers and maybe ! and $.
Remember, SSID is not [b][i]the[/i][/b] wireless security issue!

You're right about it not being "real security", but it can be fun to insert "backspace characters in the middle of your SSID.

Depending on what is used to display the name, it can really be funny and/or confuse people, when they see what is dispalyed.

Using a VT escape sequence would be funny too if you configure it via telnet :-)