Cracking WPA-PSK

Is this statement true about cracking a WPA-PSK key?

WPA-PSK may be vulnerable to a brute force attack but, with the choice of the right password, it becomes unfeasible.

Assuming a decent utility is used, a 31 character long password of random upper- and lowercase letters and numbers results in 62^31, or

3.7x10^55 possible combinations.

If we assume 60 attempts per second, it will take more than 1.3x10^36 times the age of the universe (15 billion years) to attempt every possible combination. The average time would be half that, or

6.5x10^35 times the age of the universe.

Even if someone were to come up with a scheme that reduced the bruteforce time to 1 trillionth of what would be required otherwise, it would still take 6.5x10^23 times the age of the universe. And so on...

Unless someone finds another way to get the password (e.g., can determine from traffic (like with WEP), beats it out of me, hacks my laptop, etc.), my WAP will remain secure until long after I'm dead.

Reply to
d11
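The arithmetic in the post above, generalised to any alphabet, length and guess rate, as an added example that is not part of the thread. The function names are hypothetical, the 8 to 63 character range is the WPA-PSK passphrase limit, and the figures hold only for passphrases whose characters are chosen uniformly at random.

```python
import math

AGE_OF_UNIVERSE_YEARS = 15e9            # figure used in the post
SECONDS_PER_YEAR = 365.25 * 24 * 3600
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63        # WPA-PSK passphrase length limits


def entropy_bits(alphabet_size, length):
    """Entropy of a passphrase drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)


def search_years(alphabet_size, length, guesses_per_second, average=True):
    """Years to try every candidate, or half of them (the expected case)."""
    guesses = alphabet_size ** length
    if average:
        guesses /= 2
    return guesses / guesses_per_second / SECONDS_PER_YEAR


def universe_ages(alphabet_size, length, guesses_per_second, average=True):
    """Same search time, expressed in multiples of the age of the universe."""
    years = search_years(alphabet_size, length, guesses_per_second, average)
    return years / AGE_OF_UNIVERSE_YEARS


def min_length(alphabet_size, guesses_per_second, target_years):
    """Shortest valid WPA passphrase whose expected search time meets the
    target, or None if even 63 characters falls short."""
    for length in range(WPA_MIN_LEN, WPA_MAX_LEN + 1):
        if search_years(alphabet_size, length, guesses_per_second) >= target_years:
            return length
    return None


if __name__ == "__main__":
    # 60 guesses/s is the post's rate; 60e12 is its "1 trillionth" scenario.
    for rate in (60, 60e12):
        print(f"rate {rate:.0e}/s: 31 chars of [A-Za-z0-9] = "
              f"{entropy_bits(62, 31):.1f} bits, "
              f"{universe_ages(62, 31, rate):.2e} universe ages on average, "
              f"min length for one universe age: "
              f"{min_length(62, rate, AGE_OF_UNIVERSE_YEARS)}")
```
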

Here's a cool link that helps...

formatting link

Reply to
GuitarMan

Why not ask the person that wrote the article? He seems to know what he is talking about. If you understand it that would help. It can be cracked quite easily with the right software, all that is required is around 50MB of data to be monitored. So keep changing the password!

Reply to
paul

Depends on how long you live and whether in your lifetime quantum computers become the norm. If they do then all present known encryption just becomes a whole bigger problem than your AP!

David.

Reply to
David Taylor

For WPA-PSK? Please post the link that documents that...

Reply to
David Taylor

David Taylor hath wroth:

Quantum computers? The tiny keyboards on today's notebook and palmtop computers are so small, I can barely type on them. Now, you want one even smaller? Surely you jest. Unless power consumption also scales accordingly, the power density of the accompanying power source could easily approach a small bomb. As the devices get smaller, the tendency for them to be susceptible to computation errors and soft errors (from alpha particles, cosmic rays, etc) becomes a problem:

formatting link
the future people will probably still continue scribbling their passwords in obvious places. Perhaps by then, shared key security will follow the dinosaurs.

What I really want is a personal black hole, so I can dispose of all the electronic and computer junk easily. Also, infinite bandwidth and distance by communicating through a black hole or modulating neutrinos.

Reply to
Jeff Liebermann

Jeff, I can see your points, but I wonder how many of us hyperventilate over an issue that is only a figment of our imaginations. I sometimes wonder if anyone would be interested in what is on my computer, even if I left it on and with no password protection, in an unlocked room for years. Probably no one would bother to even look at the damned thing.

I build my passwords using the first letters of a paragraph or song verse from one of my books. I keep the book in the book shelves with a hundred or so other books. The page number, chapter number, song number, and first letters of a paragraph or verse make very nice, easy to remember passwords, and if I forget them I can find them in the book. But, I would think someone determined to hack my computer would have a very hard time breaking these passwords.

Gordon

Reply to
Gordon

That's the problem: guessing a password isn't the only way to crack encryption. If it were, advances in computing power could be countered by putting a time delay in how often the access point would accept connection requests from supplicants. (That might leave the AP more vulnerable to denial of service floods, but would effectively immunize it from cracking.) Unfortunately, it's also possible to derive passwords by analyzing encrypted data. For that, the factors in play are the rate of data transmission over the network and the method and computing horsepower being used to do the decryption.

Reply to
Neill Massello

Gordon hath wroth:

I'm not sure how we got to the subject of passwords, but methinks the topic is worthy of my pontification. Incidentally, I am NOT a security expert as I don't attend security conferences and publish papers.

I can supply the names of 2 individuals who were extremely sloppy with their passwords (i.e. using the same password for everything) and managed to get ripped off when someone used Paypal to empty their account. Nobody really wants what's on your computer. What they want is sufficient information to precipitate an identity theft. SSI number, date-o-birth, addresses, email password, credit card numbers, and such. If you leave these floating around your computer, you're asking for problems.

Also, few hackers get these by breaking into your computer. They get them by sniffing the traffic. Keyword searches of your unencrypted email often yield amazing amounts of information.

I think you missed my point, although I wasn't terribly clear. The concept of a password is by its very nature insecure. I once used the security cameras to video tape the admin logging into the server, and extracted the login and password. The password was quite obscure and secure. The admin wasn't. My former neighbor's 14-year-old brat could play finger hacker and read back any phone number I dialed, and most passwords I typed.

At the same time, the wireless community seems to prefer pre-shared keys for security. This is equally dumb as once the key leaks out, the entire system is compromised. At the very least, a compromised password should only compromise one machine, not the entire wireless network. RADIUS server based authorization and authentication delivers a one time WPA encryption key for the session, which is the right way to do this.

Passwords also only provide the authorization part of the security puzzle. What's lacking is the authentication part. How does the system know that you are whom you say you are? There are a variety of schemes for authentication ranging from X.509 certificates to 3rd party authentication authorities (Verisign etc).

Anyway, what I was hoping was that in the future computer utopia of quantum computing, perhaps the concept of passwords and pre-shared keys, in any form, would do me the favor of following the dinosaur into extinction.

Reply to
Jeff Liebermann

You're missing the point entirely, it's nothing to do with size but the nature in which they process.

formatting link
formatting link
(and a variety of other links with a google ;) )

David.

Reply to
David Taylor

Get a cat. All houses/homes that have a cat have at least one blackhole that swallows cat toys (this can be verified by reading between the lines in Hawking's books on blackholes). So, once you are ready to discard an item you just persuade the cat to play with it and over time the cat toy blackhole in your home will swallow the device.

fundamentalism, fundamentally wrong.

Reply to
Rico

David Taylor hath wroth:

So much for my feeble attempt at humor.

Got it. So according to Heisenberg, I can determine what the computer is doing or where it is located, but not at the same time. That may present a problem. I can have my computational answers, but can't find where the computer sent them. Or, I can play with my computer, but can't trust the answers. Are you sure this quantum computing stuff is for real?

Reply to
Jeff Liebermann

'fraid so ;)

Very real or at least the research is real.

Reply to
David Taylor

Those neutrino antennas are expensive. And big.

Reply to
Neill Massello

I think they call that an uncertain state machine.

Reply to
Neill Massello

formatting link

-- Eric S

Reply to
Eric S

David Taylor hath wroth:

Well, that presents a problem for me. I'm officially a "computah repair person". With quantum computers, I might become a "quantum mechanic"[1]. You can either have your computer fixed correctly, or delivered on time, but not both. Bring on the quanta.

I suspect it will take more than a secure algorithm to insure adequate wireless security. It's not just about encryption. It will probably require a similarly complex layer of authentication, which insures that you are whom you claim to be and not a clone, identity thief, laptop thief, or hacker.

We're doomed:

formatting link

[1] A friend's business card no longer identifies her as an author. It now says "content provider".
Reply to
Jeff Liebermann
