On Fri, 29 Sep 2006 00:59:15 GMT, Jeff Liebermann
: On 28 Sep 2006 15:58:22 -0700, "Craig" <email@example.com>
: >Hmmm, unless I'm misinterpreting something...I think WPA2 can now be
: >cracked via "coWPAtty". Check out: http://churchofwifi.org/
: >say "For Defcon 14, we added WPA2 cracking capabilities."
: >Am I wrong???
: I wish you wouldn't do that. I just wasted over an hour surfing all
: the new projects on the ChurchofWiFi web pile. Lots of nifty ideas.
: It's difficult to resist temptation.
: coWPAtty is a brute force dictionary attack tool. It tries various
: keys from a list of common passwords on a capture file. Recently, it
: has been sped up substantially by the release of a list of pre-hashed
: dictionary words. The hash file is currently 7 GBytes big. Since the
: key exchange algorithm is the same for WPA1 and WPA2, adding WPA2
: support to 4.0 was not a big deal.
: | http://www.churchofwifi.org/default....lay.asp?PID=95
: How it works:
: | http://www.wirelessdefence.org/Conte...WPAttyMain.htm
: The basic idea is to NOT use words that are in a dictionary. The more
: obscure and the longer the key, the better.
I agree, up to a point. If your key consists of a single word or phrase that
could appear in a dictionary or word inventory, in any common language, you're
probably deluding yourself. But if you have a reasonably long phrase that you
can remember and that is easy to type without errors, you probably don't have
to deviate from it much in order to be safe. Good encryption algorithms (and
presumably WPA2/AES is one such) randomize the entire key as a single entity,
rather than treating its constituent parts, if any, separately. So if you
modify your phrase with a couple of unlikely misspellings, the encrypted forms
of the original and modified phrases should be entirely different, and the
modified phrase should be highly resistant to a brute-force attack.
You'll often see assertions that the key itself should be 20 or 30 characters
long and as random as you can make it. But such a key cannot possibly be
remembered and will therefore be written down, making it much more subject to
compromise. I read an article recently pointing out that using a memorable (vs
highly random) WPA passphrase increases your susceptibility to a brute-force
attack by six orders of magnitude! What the article also admitted, but only
obliquely, was that the actual decrease in the time necessary to crack the
encryption was from 100,000,000,000,000,000,000,000 times the age of the known
universe to "only" 100,000,000,000,000,000 times. Yes, that is six orders of
magnitude, but who cares?
Yes, a trivial WPA passphrase can be cracked. But until someone proves that he
can crack a passphrase that I've chosen, I'm not going to lose any sleep over