Re: ALERT: WPA-TKIP isn't secure - use WPA2 instead

John Navas wrote:

> SUMMARY:
>
> WPA-PSK is vulnerable to offline attack.
> WPA-TKIP has been cracked.
>
> TO AVOID THESE PROBLEMS:
>
> 1. USE WPA-AES or WPA2 instead of WPA-TKIP (or WEP)
>
> 2. USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
> BAD: "vintage wine"
> GOOD: "floor hiking dirt ocean"
> (pick your own words, even longer is better)
> FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.
>
> BACKGROUND:
>
> Weakness in Passphrase Choice in WPA Interface
> <http://wifinetnews.com/archives/002452.html>
>
> Practical attacks against WEP and WPA
> <http://dl.aircrack-ng.org/breakingwepandwpa.pdf>
>
> A Practical Message Falsication Attack on WPA
> <http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%2 0on%20WPA.pdf>
>
> New attack cracks common Wi-Fi encryption in a minute
> <http://www.networkworld.com/news/2009/082709-new-attack-cracks-common-wi-fi.html>
>
> Passphrase Flaw Exposed in WPA Wireless Security
> <http://www.technewsworld.com/story/32070.html>
>
> Cracking Wi-Fi Protected Access (WPA)
> <http://www.ciscopress.com/articles/article.asp?p=369221>
> <http://www.ciscopress.com/articles/article.asp?p=370636&rl=1>
>
> Cracking WEP and WPA Wireless Networks
> <http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks>


Why are you telling people to use dictionary based words rather than a random character string?

A random character string over 25 characters long is basically uncrackable on a home PC.

On 4 Jun 2011 15:22:27 +1000, "Dr Who"
<dead_letter_office@hotmail.com> wrote:

>John Navas wrote:
>Why are you telling people to use dictionary based words rather than a random character string?
>
>A random character string over 25 characters long is basically uncrackable on a home PC.
And very forgettable ....
I put an punctuation mark every now and then in my passphrase
to make it harder to crack.
:)