Wireless security

Hi everyone, I would like to ask a few questions about wireless security.
I have been reading about programs like backtrack and aircrack, capturing handshakes, then uploading them online, where apparently they can run dictionary attacks at high speed ( one claims 300 million in 20 mins )
Am i right in thinking these attacks only work against weak passwords, and that a 30 digit password including characters is impossible to break.
Thats my main question, two others are, 1 , i also read it is advisable not to disable your SSID, as this makes your computer shout out your SSID while trying to connect to the router, allowing someone to impersonate your router. I do not understand this
Finally how complex does the route login password need to be, can this be captured wirelessly and cracked ?
Many thanks in advance for your answers

 

300 million in 20 mins isn't very fast. Even at a billion or 100 billion it would be centuries before a 12 character strong password is cracked. A 30 character password would take much longer.

Disaple WPS for your router. Use WPA2. Keep your firmware up to date.

 

Thanks for the reaasurance Hungry Man, as for WPS, i don;t think my router even has that function

 

If using WPA2 your wifi traffic will be encrypted and if someone captures login credentials they wont be able to read it (unless someone knows your wifi passcode and is already in your network).
Some routers support HTTPS if yours does enable it.

 

Hi again, one of my reasons for brushing up on this subject, is a friend has asked me to set up their router. I know about strong passwords, mac filtering etc
The new router in question does have WPS, i have just read an article saying even with WPS pin disabled, it can still be cracked. Am i getting paranoid or is this a concern , thanks http://www.house4hack.co.za/brute-force-attack-against-wifi-protected-setup

 

Not sure how it cracked WPS if it was turned off. I'm not sure it did. Regardless, turning it off will at the very least slow things down.

 

In 2012, 300 million in 20 minutes is really low end, and yes most adversaries will only be able to break weak passwords, or passwords obtained from word lists. Now word lists are not just dictionary words in different languages, they are sometimes terabyte sized lists of compromised passwords from popular websites and databases. That being said even a longer password will not offer much protection if your password is already captured on one of those lists.
In targeted attacks the malicious user may even be able to generate potential word list combinations based on what you have publically available online such as your facebook/twitter profile which can offer insight into your interests, hobbies, location all of which could be a potential password.

What would I recommend?

Use a password passphrase of 20 characters or more. Regenerate a new key every 30 days if you are using WPA2 in PSK mode. If also using WPA2 enable AES only. Disable UPnP and WPS on your router, and limit the admin interface to only wired connections if your environment permits. If you are using proprietary/open source firmware make sure to keep it up to date.

Do not bother with disabling SSID or enabling MAC filtering as a security tool. While the router will not broadcast the name of the network, when an authorized client attempts to join the client will broadcast the network ssid to the router. Anyone sniffing the network will be able to capture the name easily. Second MAC addresses are visible to everyone over a wireless network. If an adversary detects this feature is enabled, simple monitoring of the network will show which client MACs are allowed to connect and they can spoof their MAC to match in a matter of seconds.

Last the WPS vulnerability will only affect some routers (not all) when disabled. From the top of my head Cisco/Linksys was the main vendor with WPS not completely disabling due to firmware issues in certain models. However all routers that use WPS should be considered vulnerable and WPS disabled.

 

Agreed. These things will only make regular usage harder for you, they won't do much to slow down an intruder.

 

Many thanks to all, I appreciate your input. Cheers

I also posted on the netgear forums, no harm in asking