Telling it like it is...    
· Home
· Articles
· Chat
· Downloads
· Forum
· Journal
· Search
· Stories Archive
· Submit News
· Surveys
· Topics
· Web Links
· Your Account

Distributed Computing
· SETI Team News
· SETI Team Info
· Folding Team News
· Folding Team Info

Social Bookmark


Size matters, baby
Posted on Thursday, December 20 @ 12:25:51 PST by T

Wireless network security depends on longer passwords.

If you have a wireless network and don't use enterprise-grade authentication systems such as RADIUS and the like, then your network should ideally be secured with WPA2 using AES/CCMP. WEP was broken years ago, and WPA with TKIP is also vulnerable. For the time being, WPA2 / AES has not yet been broken, but its security is proportional to the length and complexity of the password. Some routers provide a feature called WPS, which is intended to make it easier for the average user to connect wirelessly, but WPS is a gaping security flaw... if your router has WPS then make sure it's disabled.

WPA2 passwords can at present only be broken by means of what's called a dictionary attack. This requires capturing some encrypted data which includes the wireless key (or "handshake"), and then using a cracking program to compare that encrypted data against a very long word list, the "dictionary" in the name of the attack. It's very easy to do but takes time, and it's the time taken which provides the security. A short password doesn't take long to break, but a longer password takes longer to break, with each additional character making it exponentially more difficult.

Computers are designed for number crunching, of which this is an excellent example, but they still take time to do it. Modern computers can easily reach 20,000 combinations per second or higher. Then there are dedicated supercomputers, which harness multiple processors in parallel to reach hundreds of thousands if not millions of combinations per second, and the technology is only going to improve. Coupled to this is the use of rainbow tables, which are pre-computed combinations which can be tested orders of magnitude faster than a plain dictionary. The trade-offs with a rainbow table are the time taken to pre-compute the table in the first place and the fact that each network SSID/dictionary combination is unique; the rainbow table must be recreated every time the SSID or dictionary changes.

To illustrate, imagine that your password can be only numbers. If your password is 1 character long then there are only 10 possible choices (0, 1, 2, 3, 4, 5, 6, 7, 8, and 9), trivially easy to guess for a human, never mind a computer. If your password is 4 characters long then there are 10,000 possible choices (0000 through to 9999), much more difficult for a human but still trivially easy for a computer. 10,000 possible choices would be cracked in half a second, with our 20,000/sec computer above.

The minimum length of a WPA2 password is 8 characters. If the password is all numerals, such as used by WPS, then 8 characters gives 100,000,000 combinations. One hundred million combinations are effectively impossible for a human to crack, but it still doesn't take very long for a computer to do it. Our modest 20,000/second computer above would take a maximum of 5,000 seconds (1h 23m 20s) to crack an 8-number code. (This is one reason why WPS should be disabled if it's available. In addition, there are other attacks which specifically target WPS and its method of validating the PIN, and which don't require the capture of encrypted handshakes beforehand, but those attacks are beyond the scope of this article.)

And this is also why length and complexity are important.

There are 95 possible characters which can be used in a WPA2 password, all the way from ASCII 32 (space) to ASCII 126 (~), including upper-case, lower-case, numbers, and various punctuation symbols. With an 8-character password, this gives 958 or 6,634,204,312,890,625 possible combinations. With our lowly 20,000/second computer, this would take up to 331,710,215,645 seconds (92,141,726h 34m 5s, or 3,839,238 days, or 10,518 years). If, though, we had a 10,000,000/second supercomputer - and there are those who do - then the maximum time taken drops to 663,420,431 seconds, 184,283h 27m 11s, 7,678 days, or ~21 years. There is a commercial service - cloudcracker.com - which claims to be able to test 4,832,000,000 combinations inside 2 hours, which works out at roughly 671,111/second. At that rate, it would take up to 313 years to crack an 8-character password using the entire 95-character set.

The important thing to stress is "up to". The cracker could get lucky and get your password in the first few goes. The other thing to bear in mind is how much space the dictionary takes up. Many people use easily-guessable passwords, such as common dictionary words, sports team names, family names, car names, etc. Dictionaries focused on particular themes are easy to create and don't take up much space.

In contrast, a dictionary with all possible 8-character combinations from a 95 character set, would be unbelievably huge. If no fancy compression is used, each possible combination takes up 9 bytes: 8 bytes (characters) for the combination plus a 9th byte to mark the break between one line and the next. A dictionary with all possible 8-character combinations would take up 59,707,838,816,015,625 bytes of space, 55,607,258 gigabytes, or 54,304 terabytes. You can currently buy ~3TB disks; the would-be cracker would need significantly more than 18,000 of those disks to hold that much data.

The maximum length of a WPA2 password is 64 characters. With 95 possible characters to choose from, this gives 9564, or just over 3.75126, possible combinations. That's slightly more than 375 followed by 124 zeroes. There aren't enough hard disks in the world, or enough time before the sun goes nova, to compute a password that long.

So, in summary, if you have a wireless network, make sure you use WPA2 with AES/CCMP (not TKIP), make sure you use a reasonably long password with a mix of upper-case, lower-case, numbers and punctuation and, for goodness' sake, disable WPS. If WPA2 turns out to have vulnerabilities like WPA, then it'll become necessary to find another method to secure one's network but, until then, long, complex passwords are the way to go.

Article's Poll
What security do you use on your wireless network?

Sharing is caring. My network is open.
I use WEP, despite knowing better
I still trust WPA-PSK
I'm reasonably paranoid and use WPA2-PSK
Enterprise-grade authentication, e.g. RADIUS
I don't use a wireless network.

[ Results | Polls ]

Votes 10



Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Related Links
· More about News
· News by T

Most read story about News:

Article Rating
Average Score: 4.85
Votes: 7

Please take a second and vote for this article:

Very Good


 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

This site designed and hosted by littleblackdog.com
All product names throughout this site are trademarks or registered trademarks of their respective holders.
Copyright 2000-2012, littleblackdog.com | All rights reserved | Please read our legal info
No portion of this site may be duplicated without specific permission from the site owner.

Web site engine code is Copyright © 2003 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.