Time for Longer Wi-Fi WPA Passwords!

More like this
11

Comments

+ Add a Comment
avatar

RED_404

January 27, 2009 at 7:33am

For a business or a secure network you can ditch the WPA all-together if you wish.

All you need is Kerberos+OpenVPN "or any other encrypted VPN"

It takes some work to initially set up but in some cases it can be well worth it.

avatar

jkroeder

January 26, 2009 at 9:43pm

and really.. this news changes nothing. Weak passphrases equal weak security. This is how it's always been.

 Strong passphrases still render these dictionary and brute force attacks pointless. WPA-AES and WPA2 are still very secure. You just have to configure it properly. 

avatar

thorsonb

January 26, 2009 at 4:11pm

I do it ALL the time!

There will be some point of time that passwords would be obsolite and some other form of identifiction will be used!

 

Perhaps in the near future, it will be a Password And a PIN, which changes daily (but will be hell)

 

Whats the name of that App anwyasye? I use NetStumbler and  inSSIDer

avatar

jcollins

January 27, 2009 at 9:38am

From the article, the Elcomsoft Wireless Security Auditor.

avatar

the_river

January 26, 2009 at 1:41pm

When in doubt, go beyond the password. If you use any kind of Linksys router (and I think Netgear is the same way), there is a MAC Address filter option for Wireless Security. Choose the option to 'only allow' the MAC Addresses entered and even if they get your 8-key WPA password, the router won't let them connect anyway, rendering their assault useless.

It's expecially helpful in large buildings. Hey, make a business of it. Rent your neighbors your Wi-Fi by adding their MAC addresses to the router. A $50/month broadband connection easily reclaims itself at $10-$15 a user. Name it: WiFi_For_Rent or something like that.  Hey, couldn't hurt. Fortunately, I'm in the middle of the woods, so the deer are the only thing picking up my wireless connection. :)

avatar

jcollins

January 26, 2009 at 3:03pm

MAC Address Spoofing is supposed to render this a moot point.

avatar

redscud

January 26, 2009 at 7:46pm

If you don't know what the MAC address is, you can't spoof it. If you still think this approach will work, go for it and let me know when you guess the right MAC address. You only have 256 to the power of 6 choices, so you should get it in about, oh 1,000 years.

avatar

jkroeder

January 26, 2009 at 9:35pm

except the fact that the MAC addresses of every connected client on an access point is sent through the air in CLEAR TEXT. Even if the AP is using WPA/WPA2 or what have you, MAC addresses can be seen simply by sniffing packets for a few seconds.

 

so no, MAC filtering is not a good method of security.

 

 

avatar

Cache

January 26, 2009 at 12:53pm

How many average office drones are even remotely capable of coming up with a 12-16 character password that has to be updated every 30-days to 3-months?  And what do we do when that number has to be raised to 20-24 characters to be considered secure?

Maybe it's time for passwords to die, and allow something more complex and agile to take its' place.

avatar

jcollins

January 26, 2009 at 12:53pm

That's going to suck with the iPhone and no copy/paste.  Even 16 characters probably isn't wise, so the longer it is, the more painful it is to enter on the iPhone.

avatar

DBsantos77

March 25, 2009 at 7:13pm

Oh, that's nothing. I have a 50 + Character Password,  and when I tried putting it into my Wii, I messed up about 5 times. Do the math, I had to put in 250 characters on that damn Wii. One...by......one. A very very very painful process. I can NOT imagine doing that on an iPhone.

Log in to MaximumPC directly or log in using Facebook

Forgot your username or password?
Click here for help.

Login with Facebook
Log in using Facebook to share comments and articles easily with your Facebook feed.
Don't have an account? Join Now.