Router WPA2 Passphrase

Discussion in 'privacy technology' started by mw5300, Aug 8, 2008.

Thread Status:
Not open for further replies.
  1. mw5300

    mw5300 Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    1
    Hey guys,

    I just installed a new wireless router and set it up with WPA2 encryption. My pass phrase is just a sentence. I was wondering if this would be insecure because of dictionary attacks? It's a really long sentence, but the individual words can easily be found in a dictionary.

    Thanks!

    Mark
     
  2. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    A 20 character passphrase for WPA is considered secure. If it over that it should be quite secure. Ideally use 63 extended ASCII characters and store it on your PC. It be safe enough.

    I like to use this program for WPA. WEP/WPA key Generator

    eg. ¸þ'ÉIáà°¿¬¯w üÜøí¨Øò4Û¥2#¾*ïÉcl.V·ÜÑà,t xÎQ»$ß"Røñ:l2ÕÊ_¶WÎ%On< very secure :)
     
    Last edited: Aug 9, 2008
  3. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,976
    Location:
    U.S.A.
  4. MikeNAS

    MikeNAS Registered Member

    Joined:
    Sep 28, 2006
    Posts:
    697
    Location:
    FiNLAND
    I'm using GRC passwords. Working fine and high quality and security. All devices doesn't allow to use full printable ASCII so I have to use that "easy" one.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,700
    Hello,
    That's called paranoia. Something like A11-y0ur-bAs3-arE-bEl0ng-t0-us is more than enough.
    Cheers,
    Mrk
     
  6. Fontaine

    Fontaine Registered Member

    Joined:
    Jan 29, 2008
    Posts:
    245
    This is an interesting thread, because I've often wondered if you encrypt your hard drive so a password is required upon boot, and you use the best practice of employing a completely random password such as: ?2kCoB,<(NvI|ILkf!J+(P.;0ax'FmItwZpGdOLV4>tO~BYbN"<:0>[)3To3;#G, then how do you enter it each time you boot/reboot? You would obviously have to write it down somewhere which creates a security vulnerability. Anyone have good or interesting ideas on how to create a random password that is properly managed? (i.e. not written down, unless the paper is stored somewhere remotely/securely)
     
  7. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,976
    Location:
    U.S.A.
    For boot/reboot, I have mine typed in my cell phone's Messaging/ Drafts section. Any other passwords are on a text file inside my USB drive and there are no indications as to what programs the passwords belongs to, however, some passwords have the acronym for the program at the beginning and some at the end.
     
  8. markymoo

    markymoo Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    1,212
    Location:
    England
    Using a program to create a random 63 extended ASCII password is so easy and no more trouble than creating A11-y0ur-bAs3-arE-bEl0ng-t0-us , it's just a click to generate, so i might as well get the securest password i can. if that's being paranoid which is a good thing in security then so be it. It just about using common sense, after awhile it second nature. whichever i use i still have to save it to paste it in. If it's a password i can remember then it's not secure enough. Saving it on the PC is hardly a risk as the PC is so secure. I store it encrypted again with AES text encryption. I could save it to a USB stick but don't. Any hackers that did get hold of the password would have to be close to use the wireless and they also have to spoof the MAC address. Any extra LAN IP's that join the network, software will alert me. I disable SSID,assign static IP and disable DHCP. I change the password every month and wipe my PC lots. I live out in the country with less houses around and it alot safer than living in a city surrounded by lots of wireless connections.
     
    Last edited: Aug 9, 2008
  9. KookyMan

    KookyMan Registered Member

    Joined:
    Feb 2, 2008
    Posts:
    367
    Location:
    Michigan, USA
    Randomness and 64 characters is a lot less important than having a non pure alphanumeric password. IE: The odds of "Th1sPass%wordBe1ngCracked" are slim to none.

    The odds of "Password" being cracked are very good, but the odds of "!%soiV5#" being cracked are a lot less. Actually, unless someone does a pure brute force (starting at 0 and checking everything) it is unlikely you will be compromised since most people will start with a dictionary attack trying combination of words.

    15 characters using letters, numbers, and specials will most likely not be cracked anytime in the next year, depending on how many tests / second.
     
  10. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    As long as your word is not in the dictionary or combination words in the dictionary you should be fine.
     
  11. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    KeePass
     
  12. wat0114

    wat0114 Guest

    I agree with both of the above, especially for the typical home router. Maybe for the FBI or the CIA, okay, more is better, otherwise we're getting into overkill.
     
Loading...
Thread Status:
Not open for further replies.