12-05-2006, 06:03 PM
John Navas
Re: ALERT: WPA isn't necessarily secure

On Tue, 5 Dec 2006 17:00:08 +0000 (UTC), arnstein@panix.com (David
Arnstein) wrote in <el48io$o39$1@reader2.panix.com>:

>In article <cnI3h.203890$QZ1.2214@bgtnsc04-news.ops.worldnet.att.net>,
>John Navas <spamfilter0@navasgroup.com> wrote:
>>SUMMARY:
>>
>> WPA-PSK is vulnerable to offline attack.
>>
>>TO AVOID THE PROBLEM:
>>
>> USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
>> BAD: "vintage wine"
>> GOOD: "floor hiking dirt ocean"
>> (pick your own words, even longer is better)
>> FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.

>
>I will be setting up a wireless network that includes a living room
>media player. This player has WPA, but its only input device is a
>handheld remote.
>
>So long passwords would be a chore to enter. But nonsensical passwords
>would be OK, like 589402[o';rmLk
>
>What do you think about relatively short, but completely random
>passwords? This WLAN is not just for the living room, so I would like
>it to be secure.


A random password can achieve the same level of security with far fewer
characters, which can be useful in certain situations, as you note. 12
truly random characters is probably good enough to deter any conceivable
attack on a home network for the expected lifetime of that network. But
the key word there is "truly", which isn't satisfied by thinking
something up. Be sure to use something like a password generator with
good randomness (e.g., Password Safe). For more on password entropy
(measure of strength), see:
* <http://www.gcn.com/print/24_23/36630-1.html>
* <http://www.csrc.nist.gov/pki/twg/y2004/Presentations/twg-04-04.pdf>

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>
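
Added example, not part of the original post: a Python sketch of the entropy arithmetic behind the "random password needs fewer characters" point, with a generator that draws from the OS CSPRNG. The `REMOTE` alphabet (lowercase plus digits, for a device that is tedious to type on) and the 7776-word list size used for the word-passphrase comparison are assumptions of this example, not figures from the thread.

```python
import math
import secrets
import string

# WPA-PSK passphrases must be 8 to 63 printable ASCII characters.
WPA_MIN, WPA_MAX = 8, 63

FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
REMOTE = string.ascii_lowercase + string.digits  # 36 symbols (assumed remote-friendly set)
WORDLIST_SIZE = 7776  # assumed size of a list that words are picked from at random


def entropy_bits(alphabet_size, length):
    """Entropy in bits of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def min_length(alphabet_size, target_bits):
    """Fewest uniformly random symbols needed to reach target_bits."""
    # The small epsilon keeps exact multiples from rounding up by one.
    return math.ceil(target_bits / math.log2(alphabet_size) - 1e-9)


def generate(alphabet, length):
    """Build a passphrase from the OS CSPRNG rather than from imagination."""
    if not WPA_MIN <= length <= WPA_MAX:
        raise ValueError("WPA passphrase length must be 8..63")
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("duplicate symbols would make the entropy estimate wrong")
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    target = entropy_bits(len(FULL), 12)
    print(f"12 random chars from 94 symbols: {target:.1f} bits")

    n = min_length(len(REMOTE), target)
    print(f"same strength from lowercase+digits only: {n} chars")
    print("sample:", generate(REMOTE, n))

    words = entropy_bits(WORDLIST_SIZE, 4)
    print(f"4 random words from {WORDLIST_SIZE}: {words:.1f} bits, "
          f"matched by {min_length(len(FULL), words)} random chars")
```

These figures hold only when every symbol or word is chosen uniformly at random; a phrase someone thinks up has less entropy than the formula gives.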
