Time for Longer Wi-Fi WPA Passwords!
Posted 01/26/09 at 02:20:19 PM by Andy Salisbury

If you thought that your 8 character WPA password was secure, think again. Thanks to the handy-dandy GPU, cracking weak WPA/WPA-2 PSK passwords has never been easier.
According to Elcomsoft, their Wireless Security Auditor can work completely off-line, finding passwords by analyzing a dump of network communications and displaying them in plain text.
This means that if you’ve got a WPA-protected network, you should probably bump your 8 character password up to at least 12 characters. According to David Hobson, “It's a wake-up call to IT managers, pure and simple. IT managers should now move to 12 and even 16 character keys as a matter of urgency. It's not very user-friendly, but the potential consequences of staying with eight character keys do not bear thinking about.”
Image Credit: Elcomsoft
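An added example, not code from the article or from Elcomsoft: the standard WPA/WPA2-PSK key derivation (PBKDF2-HMAC-SHA1, 4096 rounds, salted only with the SSID), which is why a captured dump can be tested off-line, plus a search-space estimate for 8, 12 and 16 character passphrases. The guess rate, the SSID and the sample passphrases are assumptions constructed for illustration.

```python
import hashlib
import math
import string

PBKDF2_ROUNDS = 4096  # fixed by the WPA/WPA2-PSK key derivation
ASSUMED_GUESSES_PER_SECOND = 100_000  # hypothetical attacker rate, not a measured figure


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key; the SSID is the only salt."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("a WPA passphrase is printable ASCII only")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), PBKDF2_ROUNDS, 32)


def alphabet_size(passphrase: str) -> int:
    """Size of the character set an exhaustive search would have to cover."""
    size = 0
    for charset in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in charset for c in passphrase):
            size += len(charset)
    if any(not c.isalnum() for c in passphrase):
        size += 33  # the remaining printable ASCII characters, space included
    return size


def search_space_bits(passphrase: str) -> float:
    """Upper bound: assumes every character was chosen at random."""
    return len(passphrase) * math.log2(alphabet_size(passphrase))


def years_to_exhaust(bits: float, rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    return 2 ** bits / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample passphrases of 8, 12 and 16 characters.
    for pw in ("kqzvtmwd", "kqzvtmwdrhxy", "kQ7zv!tM2wd#rH9x"):
        bits = search_space_bits(pw)
        print(f"{len(pw):2d} chars  {bits:5.1f} bits  "
              f"{years_to_exhaust(bits):.3g} years  PMK {wpa_pmk(pw, 'ExampleNet').hex()[:16]}...")
```

The bit counts are an upper bound: a passphrase built from dictionary words or a predictable pattern falls far short of them, whatever its length.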
Kerberos+OpenVPN
Submitted by RED_404 on Tue, 01/27/2009 - 7:33am
For a business or a secure network you can ditch the WPA altogether if you wish.
All you need is Kerberos+OpenVPN "or any other encrypted VPN"
It takes some work to initially set up but in some cases it can be well worth it.
This changes nothing
Submitted by jkroeder on Mon, 01/26/2009 - 9:43pm
and really.. this news changes nothing. Weak passphrases equal weak security. This is how it's always been.
Strong passphrases still render these dictionary and brute force attacks pointless. WPA-AES and WPA2 are still very secure. You just have to configure it properly.
Will Always be wardriving!
Submitted by thorsonb on Mon, 01/26/2009 - 4:11pm
I do it ALL the time!
There will be some point of time that passwords would be obsolete and some other form of identification will be used!
Perhaps in the near future, it will be a Password And a PIN, which changes daily (but will be hell)
What's the name of that App anyways? I use NetStumbler and inSSIDer
From the article, the
Submitted by jcollins on Tue, 01/27/2009 - 9:38am
From the article, the Elcomsoft Wireless Security Auditor.
Use MAC Filtering
Submitted by the_river on Mon, 01/26/2009 - 1:41pm
When in doubt, go beyond the password. If you use any kind of Linksys router (and I think Netgear is the same way), there is a MAC Address filter option for Wireless Security. Choose the option to 'only allow' the MAC Addresses entered and even if they get your 8-key WPA password, the router won't let them connect anyway, rendering their assault useless.
It's especially helpful in large buildings. Hey, make a business of it. Rent your neighbors your Wi-Fi by adding their MAC addresses to the router. A $50/month broadband connection easily reclaims itself at $10-$15 a user. Name it: WiFi_For_Rent or something like that. Hey, couldn't hurt. Fortunately, I'm in the middle of the woods, so the deer are the only thing picking up my wireless connection. :)
MAC Address Spoofing is
Submitted by jcollins on Mon, 01/26/2009 - 3:03pm
MAC Address Spoofing is supposed to render this a moot point.
Exactly what are you going to spoof?
Submitted by redscud on Mon, 01/26/2009 - 7:46pm
If you don't know what the MAC address is, you can't spoof it. If you still think this approach will work, go for it and let me know when you guess the right MAC address. You only have 256 to the power of 6 choices, so you should get it in about, oh 1,000 years.
except the fact that the MAC
Submitted by jkroeder on Mon, 01/26/2009 - 9:35pm
except the fact that the MAC addresses of every connected client on an access point are sent through the air in CLEAR TEXT. Even if the AP is using WPA/WPA2 or what have you, MAC addresses can be seen simply by sniffing packets for a few seconds.
so no, MAC filtering is not a good method of security.
How many average office
Submitted by Cache on Mon, 01/26/2009 - 12:53pm
How many average office drones are even remotely capable of coming up with a 12-16 character password that has to be updated every 30-days to 3-months? And what do we do when that number has to be raised to 20-24 characters to be considered secure?
Maybe it's time for passwords to die, and allow something more complex and agile to take its place.
That's going to suck with
Submitted by jcollins on Mon, 01/26/2009 - 12:53pm
That's going to suck with the iPhone and no copy/paste. Even 16 characters probably isn't wise, so the longer it is, the more painful it is to enter on the iPhone.
Lol
Submitted by DBsantos77 on Wed, 03/25/2009 - 7:13pm
Oh, that's nothing. I have a 50 + Character Password, and when I tried putting it into my Wii, I messed up about 5 times. Do the math, I had to put in 250 characters on that damn Wii. One...by......one. A very very very painful process. I can NOT imagine doing that on an iPhone.