pfarrell;297026 Wrote:
> This is much too strong of a statement without some qualifications.
> WPA with AES-CCMP is strong, WPA with RC4 is substantially weaker, and
> is used in many (most?) places.

True, but I haven't found any evidence for a better attack than brute force. Provided your key isn't in the dictionary, you're looking at a pretty long search time. The examples I've seen indicate around 20 keys/sec. Assuming I have hardware 10 times faster than that and a 10 character random key (using a-zA-Z0-9) I get a max search time of approx 4e15 seconds. Half that for an average hit time (assuming random searching) and we're still looking at 6e7 years. (Apologies for any math errors, corrections welcome!)
http://www.linuxjournal.com/article/8312
http://wirelessdefence.org/Contents/coWPAttyMain.htm
http://blogs.zdnet.com/Ou/?p=127

> To be 'decent' a password has to have a lot of entropy, which means true
> random values. Just being long is not sufficient. A passphrase of:
> "A SlimDevices Transporter is a great audiophile component" is long, but
> has trivial amounts of entropy, especially among folks on this forum.

How does the amount of entropy affect the crack time for brute force, provided there's a trivial amount so the key isn't in a dictionary? Let's say, for an example, that I have a really lame dict file that only includes English words. In this situation "Bonjour" is just as hard to crack as "aX2*i9:", and in fact "1111111" isn't any easier. Of course in real life Bonjour and 1111111 would be in the dictionary, so the random-ish key is better. I guess I'm just not understanding your comment on an MD5 hash not being good enough. Provided the attacker doesn't know you make a habit of using MD5 to generate your keys, I think you're fine.

Of course there's another issue for the attacker once he's done with the dictionary, and that's that he doesn't know how much entropy is in my key, so he has to assume the maximum. I may have chosen to only use upper case letters, but he has no idea that my key doesn't have numbers in, so he has to test those all the same. Now he may be smart and think that I'm probably an idiot and have a really small character set, so statistically he's better off hitting the lower-case-only keys first, but you get my point.

> A chain is only as strong as its weakest link.

Agreed. The easiest way to break into WPA is probably to attack a node on the network directly (via a trojan for example) and get the PSK from an OS vulnerability.
-- 
radish
------------------------------------------------------------------------
radish's Profile: http://forums.slimdevices.com/member.php?userid=77
View this thread: http://forums.slimdevices.com/showthread.php?t=46953

_______________________________________________
discuss mailing list
[email protected]
http://lists.slimdevices.com/lists/listinfo/discuss
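The brute-force estimate in the post above, worked through as an added example (not code from the thread or from any of the linked tools). It derives the WPA PSK the standard way (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, which is why guessing is slow), measures how many derivations this machine manages per second, and then reproduces the 62-character, 10-character, 200 keys/sec calculation; the SSID and passphrases used are constructed sample values.

```python
import hashlib
import time

YEAR_SECONDS = 365.25 * 24 * 3600


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2 PSK from a passphrase and SSID.

    This is the standard derivation (PBKDF2-HMAC-SHA1, 4096 rounds),
    so every candidate passphrase costs an attacker 4096 HMAC rounds.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def keyspace(charset_size: int, length: int) -> int:
    """Number of keys an attacker must consider for a random key."""
    return charset_size ** length


def brute_force_years(charset_size: int, length: int,
                      keys_per_sec: float, average: bool = True) -> float:
    """Years to search the keyspace at keys_per_sec.

    average=True halves the worst case, as the post does, since a random
    search is expected to hit the key about halfway through.
    """
    seconds = keyspace(charset_size, length) / keys_per_sec
    if average:
        seconds /= 2
    return seconds / YEAR_SECONDS


def measure_rate(ssid: str = "constructed-ssid", duration: float = 0.5) -> float:
    """Measure PSK derivations per second on this machine (constructed SSID)."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < duration:
        wpa_psk("candidate%d" % count, ssid)
        count += 1
    return count / (time.perf_counter() - start)


if __name__ == "__main__":
    rate = measure_rate()
    print("this machine: %.0f keys/sec" % rate)
    # The post's figures: 62 characters, length 10, 200 keys/sec.
    print("post's estimate: %.1e years" % brute_force_years(62, 10, 200))
    # Same length, but the attacker bets on lower-case only (26 characters).
    print("lower-case-only guess: %.1e years" % brute_force_years(26, 10, 200))
    print("at this machine's rate: %.1e years" % brute_force_years(62, 10, rate))
```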
