On Fri, 29 Sep 2006 00:59:15 GMT, Jeff Liebermann wrote:
: On 28 Sep 2006 15:58:22 -0700, "Craig" wrote:
:
: >Hmmm, unless I'm misinterpreting something...I think WPA2 can now be
: >cracked via "coWPAtty". Check out:
: >[link]
: >where they say "For Defcon 14, we added WPA2 cracking capabilities."
: >
: >Am I wrong???
:
: I wish you wouldn't do that. I just wasted over an hour surfing all
: the new projects on the ChurchofWiFi web pile. Lots of nifty ideas.
: It's difficult to resist temptation.
:
: coWPAtty is a brute force dictionary attack tool. It tries various
: keys from a list of common passwords on a capture file. Recently, it
: has been sped up substantially by the release of a list of pre-hashed
: dictionary words. The hash file is currently 7 GBytes big. Since the
: key exchange algorithm is the same for WPA1 and WPA2, adding WPA2
: support to 4.0 was not a big deal.
: | [link]?PID=95
:
: How it works:
: | [link]
:
: The basic idea is to NOT use words that are in a dictionary. The more
: obscure and the longer the key, the better.
I agree, up to a point. If your key consists of a single word or phrase that could appear in a dictionary or word inventory, in any common language, you're probably deluding yourself. But if you have a reasonably long phrase that you can remember and that is easy to type without errors, you probably don't have to deviate from it much in order to be safe. Good encryption algorithms (and presumably WPA2/AES is one such) randomize the entire key as a single entity, rather than treating its constituent parts, if any, separately. So if you modify your phrase with a couple of unlikely misspellings, the encrypted forms of the original and modified phrases should be entirely different, and the modified phrase should be highly resistant to a brute-force attack.
You'll often see assertions that the key itself should be 20 or 30 characters long and as random as you can make it. But such a key cannot possibly be remembered and will therefore be written down, making it much more subject to compromise. I read an article recently pointing out that using a memorable (vs highly random) WPA passphrase increases your susceptibility to a brute-force attack by six orders of magnitude! What the article also admitted, but only obliquely, was that the actual decrease in the time necessary to crack the encryption was from 100,000,000,000,000,000,000,000 times the age of the known universe to "only" 100,000,000,000,000,000 times. Yes, that is six orders of magnitude, but who cares?
Yes, a trivial WPA passphrase can be cracked. But until someone proves that he can crack a passphrase that I've chosen, I'm not going to lose any sleep over it.
Bob
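An added example, not code from this thread or from coWPAtty: the passphrase-to-key step the quoted post refers to (the same for WPA and WPA2) is PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 256-bit output. The code derives that key, checks itself against the 802.11i Annex H test vector, and shows that a one-letter change to the phrase, or a different SSID, yields an entirely different key. The SSID "HomeNet", the phrases and the short word list are constructed for the example.

```python
import hashlib

# Word list constructed for this example; real attack lists run to millions of entries.
SAMPLE_WORDLIST = ["password", "letmein", "sunshine", "trustno1"]


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA/WPA2 Pairwise Master Key (PMK) from a passphrase.

    IEEE 802.11i: PBKDF2-HMAC-SHA1, salt = SSID, 4096 iterations, 32 bytes out.
    WPA and WPA2 share this step, which is why the quoted post says adding
    WPA2 support was "not a big deal". Because the SSID is the salt, a
    pre-hashed word list is only valid for the SSID it was computed for.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def known_answer_ok() -> bool:
    """Self-check against the 802.11i Annex H test vector ("password", "IEEE")."""
    expected = "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e"
    return wpa_pmk("password", "IEEE").hex() == expected


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance; unrelated 256-bit keys differ in about 128 bits."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def in_wordlist(passphrase: str, wordlist) -> bool:
    """The cheap defender-side check: is the phrase a verbatim list entry?"""
    return passphrase.lower() in {w.lower() for w in wordlist}


if __name__ == "__main__":
    ssid = "HomeNet"                        # constructed SSID
    base, tweaked = "sunshine", "sunshyne"  # one-letter change, as Bob suggests
    print("KAT passes:", known_answer_ok())
    print("bits differing after one-letter change:",
          differing_bits(wpa_pmk(base, ssid), wpa_pmk(tweaked, ssid)))
    print("bits differing across SSIDs, same phrase:",
          differing_bits(wpa_pmk(base, ssid), wpa_pmk(base, "OtherNet")))
    for p in (base, tweaked):
        print(f"{p!r} in word list: {in_wordlist(p, SAMPLE_WORDLIST)}")
```

This shows only that the derived key changes completely and that a verbatim list lookup no longer matches; it says nothing about how many guesses a search over list entries plus variations would need.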