View Single Post
Old 01-25-2012, 10:59 AM   #19
obsessed2
Wizard
obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.obsessed2 ought to be getting tired of karma fortunes by now.
 
obsessed2's Avatar
 
Posts: 1,031
Karma: 4694121
Join Date: Apr 2011
Location: Virginia
Device: Pocket Edge X 2 , Edge, gTab, Kindle Fire, Nextbook 7S
Quote:
Originally Posted by keeska View Post
Reasonably safe against what - accidentally connecting to your WiFi network? Given current methods of attacking the WPA/WPA2 passphrase 20 characters is about the minimum which can stand up to an attack for a reasonable amount of time.

I have safely used an 8 character WPA2-PSK on my home network for many years and nobody has ever accidentally connected to it. WPA/WPA2 is vulnerable when simple pass phrases are used. If a hacker is sniffing wireless packets they can launch an off-line dictionary attack against your PSK passphrase, and if your passphrase is in the wordlist then chances are yes the attack will be successful. In other words, if you use any “common password”, your password is easily crackable. The exploit used by coWPAtty and other similar tools is one of dumb passphrases. This allows hackers to leverage a human element in obtaining the key.

To make it more uncrackable, you need to use a password that contains random letters, digits and (if allowed) punctuation. If you’re going to use WPA2 to secure your home WLAN, then do it right by choosing a strong and random PSK passphrase. The more random your WPA preshared key, the safer it is to use. Using a-z and 0-9 characters, there are 36 possibilities per character with combinations of PSKs equals 36 raised to the number of characters used. While cracking a really strong 8 character password is possible, it is impractical to use the time and resources required to target a home user. Of course a longer passphrase is more secure, but unless your guarding state secrets, 8 characters used correctly is the minimum and an acceptable password length. And if you are guarding state secrets you would be foolish to use wireless in the first place.



Quote:
Originally Posted by keeska View Post
Asking someone to enter a password to gain access on a daily basis or even more often is not the same as setting a WiFi passphrase once in a device and not having to setit again until you decide it needs to be changed.
I'm aware it is not the same but it illustrates the point, if it is difficult to remember a long and complex password used on a daily basis imagine how hard it becomes when you need to change the password or add another device down the road six months later. Like you said, set it and forget it, literally. While most routers have a hard reset which makes it easy to recover lost admin and Wi-Fi passwords, sometimes this leads to more headaches and frustration for the average home user.

Last edited by obsessed2; 01-25-2012 at 11:49 AM.
obsessed2 is offline   Reply With Quote