ALERT: WPA isn't necessarily secure


SUMMARY:

   WPA-PSK is vulnerable to offline attack.

TO AVOID THE PROBLEM:

   USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS.  Examples:
      BAD: "vintage wine"
      GOOD: "floor hiking dirt ocean"
         (pick your own words, even longer is better)
   FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.

BACKGROUND:

   Weakness in Passphrase Choice in WPA Interface
   By Glenn Fleishman
   By Robert Moskowitz
   Senior Technical Director
   ICSA Labs, a division of TruSecure Corp
   <http://wifinetnews.com/archives/002452.html>

   ...
   The offline PSK dictionary attack
   ...
   Just about any 8-character string a user may select will be in the
   dictionary. As the standard states, passphrases longer than 20 characters
   are needed to start deterring attacks. This is considerably longer than
   most people will be willing to use.

   This offline attack should be easier to execute than the WEP attacks.
   ...
   Using Random values for the PSK

   The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
   number for human entry; 20 character passphrases are considered too long
   for entry. Given the nature of the attack against the 4-Way Handshake, a
   PSK with only 128 bits of security is really sufficient, and in fact
   against current brute-strength attacks, 96 bits SHOULD be adequate. This is
   still larger than a large passphrase ...
   ...
   Summary
   ...
   Pre-Shared Keying is provided in the standard to simplify deployments in
   small, low risk, networks. The risk of using PSKs against internal attacks
   is almost as bad as WEP. The risk of using passphrase based PSKs against
   external attacks is greater than using WEP. Thus the only value PSK has is
   if only truly random keys are used, or for deploy testing of basic WPA or
   802.11i functions. PSK should ONLY be used if this is fully understood by
   the deployers.

See also:
   Passphrase Flaw Exposed in WPA Wireless Security
   <http://www.technewsworld.com/story/32070.html>

   Wi-Fi Protected Access. Security in pre-shared key mode
   <http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access>

   Cracking Wi-Fi Protected Access (WPA)
   <http://www.ciscopress.com/articles/article.asp?p=369221>
   <http://www.ciscopress.com/articles/article.asp?p=370636&rl=1>

   WPA Cracker
   <http://www.tinypeap.com/html/wpa_cracker.html>
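
Added example, not part of the original post or the quoted paper: a generator for the truly random keys the paper recommends, sized to its 96-, 128- and 256-bit figures. The 8 to 63 character passphrase limit and the 36-symbol alphabet are assumptions not stated in the post.

```python
import math
import secrets
import string

# Assumption (WPA passphrase rules, not stated in the post): a passphrase is
# 8 to 63 printable ASCII characters; 64 hex digits is entered as a raw PSK.
MIN_LEN, MAX_LEN = 8, 63
TYPABLE = string.ascii_lowercase + string.digits  # 36 symbols, no shift key
HEX = "0123456789abcdef"


def random_hex_psk() -> str:
    """Return a 256-bit random PSK as 64 hexadecimal digits."""
    return secrets.token_hex(32)


def chars_needed(bits: int, alphabet_size: int) -> int:
    """Characters needed for a uniformly random string to carry >= bits."""
    return math.ceil(bits / math.log2(alphabet_size))


def random_passphrase(bits: int = 96, alphabet: str = TYPABLE) -> str:
    """Return a random passphrase with at least `bits` of entropy."""
    if len(alphabet) < 2 or len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet needs at least two distinct symbols")
    n = max(chars_needed(bits, len(alphabet)), MIN_LEN)
    if n > MAX_LEN:
        raise ValueError(
            f"{bits} bits needs {n} characters, over the {MAX_LEN} limit; "
            "enter a raw hex PSK instead"
        )
    # secrets draws from the OS CSPRNG, so each character is independent.
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    for bits in (96, 128, 256):
        n = chars_needed(bits, len(TYPABLE))
        print(f"{bits} bits -> {n} chars: {random_passphrase(bits)}")
    print("raw 256-bit PSK:", random_hex_psk())
```

The entropy figure only holds when every character is chosen at random like this; it does not apply to a phrase a person makes up.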
