However I'm concerned about the increasing power of computers and their ability to crack handshakes, as such I was considering increasing the length. I'm aware that I can go up to 63 characters if I were extremely paranoid, but unfortunately I have to type this password into Android phones and other devices so I'd rather keep it reasonably short to allow for it to be easily typed.
Would a character random password be enough to secure a WPA2 encrypted network? What is the current recommendation for password lengths, especially for wireless networks and what password length would be sufficient to protect my network against a standard attack?
Yes, 16 characters is more than sufficient , if they are randomly generated using a cryptographic-strength PRNG. If you use lower-case, upper-case, and digits, and if you generate it truly randomly, then a character password has 95 bits of entropy. That is more than sufficient.
Actually, 12 characters is sufficient ; that gives you 71 bits of entropy, which is also more than sufficient for security against all of the attacks that attackers might try to attack your password. Once your password is 12 characters or longer, the password is extremely unlikely to be the weakest link in your system. Therefore, there's not much point choosing a longer password.
I see people who recommend using a character password, but I don't think there's any rational basis for doing so. My view is that usability is very important: if you make the security mechanism too hard to use, people will get annoyed and may be more reluctant to use it in the future, which isn't good. A secure mechanism that isn't used isn't doing anyone any good. That's why I prefer to choose a shorter password, like 12 characters or 16 characters in length, as it is perfectly adequate and more usable than a monstrous character beast.
Be careful how you choose the password. For instance, here is a simple script I use on Linux:. Don't try to choose passwords yourself. Human-chosen passwords are typically easier to guess than a truly random password. One very important caveat: There are other issues as well, beyond password length. This question has been asked many times before, a 12 character password that has numbers,signs, lower and upper case letters will take a very long time to bruteforce.
If your password is not present in a dictionary, then you will need to use a bruteforce attack. We can do an estimation on the amount of passwords tried:. Then you will have:. I wrote up a little script in Perl for you at the bottom. You should be able to interpret it and get your answer with a calculator as well, though. Remember that if your password is in a dictionary or short enough to produce Rainbow tables for that the effective strength is much weaker that would otherwise be calculated.
Benchmark PBKDF2 to determine how fast a password can be tested Lucas points out , with some heavy graphics hardware. Note that Rainbow tables will be a factor if you have a common SSID name "linksys" , but won't be if you have something much more obscure.
There's really no one-size-fits-all answer for this. The short of it comes down to this: If you want a proper balance of security and usability that's right for you , make the password as long and complex as you can tolerate.
For me personally, I have no qualms about setting a character randomly-generated PSK on my access points. Yes, it may be difficult to enter into smart-devices and such. But the thing I keep reminding myself with this is that I only need to enter it one time per device.
PSK was designed for home and small office networks that do not require the complexity of an Some reasons to use PSK authentication are:. Your legacy clients might not support If an administrator leaves the company, you should reset the PSK key. This can become tiresome and be skipped. Keys tend to become old because they are not dynamically created for users upon login, nor are the keys rotated frequently.
Interestingly, both of these protocols use a pre-shared key, but the encryption on WEP is considered weaker than the encryption on WPA systems.
The concept of a pre-shared key goes all the way back to primitive non-digital cryptography in prior centuries. The idea is that users utilized an initial secure channel to deliver a key, and then subsequently at a future time, sent secondary transmissions where encryption depended on that initial key.
One can think of some of the simple book ciphers of the early to mid-millennium where recipients used the pre-shared key to decode messages sent encrypted in the printed pages of a book. The key was often a book in which both the sender and receiver could measure equidistant letter sequence markings. The key could be delivered in person. After that, the sender could send a set of numbers corresponding to an equidistant sequence matching the letters in the book.
Without the underlying book, the pre-shared key, the set of numbers would defy analysis or code-breaking. The code was not a cipher, then, but a reference to the pre-shared key itself. Active Oldest Votes. According to the Dominic Gifford Dominic Gifford 6 6 silver badges 6 6 bronze badges. Brad Brad 21 3 3 bronze badges.
Jeroen Jeroen 5 5 silver badges 4 4 bronze badges. Did you mean multiple? Sign up or log in Sign up using Google. Sign up using Facebook. Sign up using Email and Password.
0コメント