ALERT: WPA can be less secure than WEP

WPA-PSK is vulnerable to attack, and can be even worse than WEP!
BAD: "vintage wine"
GOOD: "floor hiking dirt ocean"
(pick your own words, even longer is better)
Weakness in Passphrase Choice in WPA Interface
By Glenn Fleishman
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp

The offline PSK dictionary attack
Just about any 8-character string a user may select will be in the
dictionary. As the standard states, passphrases longer than 20 characters
are needed to start deterring attacks. This is considerably longer than
most people will be willing to use.
This offline attack should be easier to execute than the WEP attacks.
Using Random values for the PSK
The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
number for human entry; 20 character passphrases are considered too long
for entry. Given the nature of the attack against the 4-Way Handshake, a
PSK with only 128 bits of security is really sufficient, and in fact
against current brute-strength attacks, 96 bits SHOULD be adequate. This is
still larger than a large passphrase ...
Pre-Shared Keying is provided in the standard to simplify deployments in
small, low risk, networks. The risk of using PSKs against internal attacks
is almost as bad as WEP. The risk of using passphrase based PSKs against
external attacks is greater than using WEP. Thus the only value PSK has is
if only truly random keys are used, or for deploy testing of basic WPA or
802.11i functions. PSK should ONLY be used if this is fully understood by
the deployers.
Reply to
John Navas
Well, that's why I don't use dictionary words. I have found that partial 1337 is very useful in this. w3rt3h1337 (we are the leet) isn't exactly in the dictionary, is it?
Reply to
Xiong Chiamiov
This is similar to the way I set mine up. I use the page number, song number and first letters of each word from a particular verse in an old song book. This is easy for me to remember, but would be nearly impossible for anyone to crack.
Reply to
On 3 Jul 2006 17:52:44 -0700, "Xiong Chiamiov" wrote in :
True, but can still be attacked with brute force, and 10 characters isn't long enough to be truly secure. Regardless, there's nothing wrong with using easier to remember dictionary words as long as the length is sufficient. From the analysis in the diceware word FAQ:
* Four words are breakable with a hundred or so PCs.
* Five words are only breakable by an organization with a large budget.
* Six words appear unbreakable for the near future, but may be within the range of large organizations by around 2014.
* Seven words and longer are unbreakable with any known technology, but may be within the range of large organizations by around 2030.
* Eight words should be completely secure through 2050.
Reply to
John Navas
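Added example (not part of the thread or of the quoted paper): Python that generates random keys of the sizes the quoted paper mentions (96, 128 and 256 bits) and does the entropy arithmetic behind the Diceware word counts quoted above. It assumes a 7776-word Diceware list with words drawn uniformly at random; the function names and the 16-word sample list are constructed for illustration.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 7776  # assumption: standard Diceware list, 6**5 words

def random_psk_hex(bits=256):
    """Random key as hex; 256 bits is the 64-hex-digit PSK quoted above."""
    if bits <= 0 or bits % 8:
        raise ValueError("bits must be a positive multiple of 8")
    return secrets.token_hex(bits // 8)

def entropy_bits(n_words, list_size=DICEWARE_LIST_SIZE):
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(list_size)

def words_needed(target_bits, list_size=DICEWARE_LIST_SIZE):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))

def random_passphrase(n_words, wordlist):
    """Pick words with a CSPRNG; enforce WPA's 8..63 character limit."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist contains duplicates")
    phrase = " ".join(secrets.choice(wordlist) for _ in range(n_words))
    if not 8 <= len(phrase) <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters")
    return phrase, entropy_bits(n_words, len(wordlist))

# Constructed 16-word sample list (only 4 bits per word), for demonstration.
SAMPLE_WORDS = ["amber", "birch", "cedar", "delta", "ember", "fjord",
                "grove", "heron", "inlet", "jetty", "kayak", "lunar",
                "maple", "north", "otter", "plume"]

if __name__ == "__main__":
    for n in range(4, 9):
        print(f"{n} Diceware words: {entropy_bits(n):5.1f} bits")
    for target in (96, 128, 256):
        print(f"{target} bits: {words_needed(target)} words "
              f"or {target // 4} hex digits")
    print("256-bit PSK:", random_psk_hex())
    print("96-bit key as a 24-character passphrase:", random_psk_hex(96))
    print("sample passphrase:", random_passphrase(6, SAMPLE_WORDS))
```

The entropy figures hold only when the words are picked by a random process; a phrase a person makes up has less. With the sample list, a 20-word phrase is rejected by the 63-character limit, so a key of that strength has to be entered as 64 hex digits instead.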
On Tue, 04 Jul 2006 01:26:39 GMT, Gordon wrote in :
If sufficiently long.
Reply to
John Navas
John Navas hath wroth:
I wouldn't worry about it past year 2038. That's when all the clocks start running backwards and civilization comes to an abrupt end:
Starting at GMT 03:14:07, Tuesday, January 19, 2038, I fully expect to see lots of systems around the world breaking magnificently: satellites falling out of orbit, massive power outages (like the 2003 North American blackout), hospital life support system failures, phone system interruptions (including 911 emergency services), banking system crashes, etc.
Reply to
Jeff Liebermann
On Tue, 04 Jul 2006 09:43:07 -0700, Jeff Liebermann wrote in :
Indeed. I think it's likely to make Y2K look like a minor warmup.
Reply to
John Navas
Where are you going to find a 32-bit system that still runs in the year 2038?
I suppose the computer museum might have one, but folks will be so amazed that it runs at all that nobody is going to care too much that the date and time is displayed as 1970 - 2-billion-seconds.
Reply to
Wolfgang S. Rupprecht
On Tue, 04 Jul 2006 15:03:45 -0700, "Wolfgang S. Rupprecht" wrote in :
I'm willing to bet that there will still be lots of 32-bit software running then, along with 64-bit software running 32-bit algorithms.
Reply to
John Navas
Yes, but that isn't my actual password. I wouldn't give that up on the internet, would I?
