SUMMARY:

WPA-PSK is vulnerable to offline attack.

TO AVOID THE PROBLEM:

USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. Examples:
BAD: "vintage wine"
GOOD: "floor hiking dirt ocean"
(pick your own words, even longer is better)
FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS.

BACKGROUND:

Weakness in Passphrase Choice in WPA Interface
By Glenn Fleishman
By Robert Moskowitz
Senior Technical Director
ICSA Labs, a division of TruSecure Corp
<http://wifinetnews.com/archives/002452.html>

...
The offline PSK dictionary attack
...
Just about any 8-character string a user may select will be in the
dictionary. As the standard states, passphrases longer than 20 characters
are needed to start deterring attacks. This is considerably longer than
most people will be willing to use.

This offline attack should be easier to execute than the WEP attacks.
...
Using Random values for the PSK

The PSK MAY be a 256-bit (64 hexadecimal) random number. This is a large
number for human entry; 20 character passphrases are considered too long
for entry. Given the nature of the attack against the 4-Way Handshake, a
PSK with only 128 bits of security is really sufficient, and in fact
against current brute-strength attacks, 96 bits SHOULD be adequate. This is
still larger than a large passphrase ...
...
Summary
...
Pre-Shared Keying is provided in the standard to simplify deployments in
small, low risk, networks. The risk of using PSKs against internal attacks
is almost as bad as WEP. The risk of using passphrase based PSKs against
external attacks is greater than using WEP. Thus the only value PSK has is
if only truly random keys are used, or for deploy testing of basic WPA or
802.11i functions. PSK should ONLY be used if this is fully understood by
the deployers.

See also:
Passphrase Flaw Exposed in WPA Wireless Security
<http://www.technewsworld.com/story/32070.html>

Wi-Fi Protected Access. Security in pre-shared key mode
<http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access>

Cracking Wi-Fi Protected Access (WPA)
<http://www.ciscopress.com/articles/article.asp?p=369221>
<http://www.ciscopress.com/articles/article.asp?p=370636&rl=1>

WPA Cracker
<http://www.tinypeap.com/html/wpa_cracker.html>

On 15 Des, 17:30, John Navas <spamfilt...@navasgroup.com> wrote:
>
> * * * GOOD: "floor hiking dirt ocean"

All those words are included in a pretty simple english dictionary
with less than 1000 words, which means a password phrase with four of
those words will give 1 000 ^ 4 combinations. With my crack algorythm
and a puter it would take me less than 10 days to find the phrase.
With a simple asic, less than three minutes.

For the password phrase not to be weaker than AES itself, you need 13
random words from a simple dictionary with at least 1000 words. For
random letters (a-z) the number is 28. This means "threre is nothing I
like more than a good disbute with my friends on a daily basis every
day" is about as secure as "wdhozjlktiolbhdkeorjmfdhierk". Remember
not to count for the short words in the phrase.

On Mon, 15 Dec 2008 15:09:45 -0800 (PST), Chrisjoy
<ultralibertarianer@gmail.com> wrote in
<65db48c9-5dba-4c31-86aa-34cf49f3c841@p2g2000prf.googlegroups.com>:

>On 15 Des, 17:30, John Navas <spamfilt...@navasgroup.com> wrote:
>>
>> * * * GOOD: "floor hiking dirt ocean"
>
>All those words are included in a pretty simple english dictionary
>with less than 1000 words,

Correct. That's the idea.

>which means a password phrase with four of
>those words will give 1 000 ^ 4 combinations. With my crack algorythm
>and a puter it would take me less than 10 days to find the phrase.
>With a simple asic, less than three minutes.

That's sufficient for most people, but I go on to say:
FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS
Those numbers?

>For the password phrase not to be weaker than AES itself, ...

That's not a meaningful criteria.
--
Best regards, FAQ for Wireless Internet: <http://wireless.navas.us>
John Navas FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>

On Dec 16, 12:45*am, John Navas <spamfilt...@navasgroup.com> wrote:
> On Mon, 15 Dec 2008 15:09:45 -0800 (PST), Chrisjoy
> <ultralibertaria...@gmail.com> wrote in
> <65db48c9-5dba-4c31-86aa-34cf49f3c...@p2g2000prf.googlegroups.com>:
>
> >On 15 Des, 17:30, John Navas <spamfilt...@navasgroup.com> wrote:
>
> >> * * * GOOD: "floor hiking dirt ocean"
>
> >All those words are included in a pretty simple english dictionary
> >with less than 1000 words,
>
> Correct. *That's the idea.
>
> >which means a password phrase with four of
> >those words will give 1 000 ^ 4 combinations. With my crack algorythm
> >and a puter it would take me less than 10 days to find the phrase.
> >With a simple asic, less than three minutes.
>
> That's sufficient for most people, but I go on to say:

Who are you to tell what is sufficient, crackpot?

> FOR HIGH SECURITY, USE MORE THAN 32 CHARACTERS
> Those numbers?

Already told you. 28 (a-z) (excluding A-Z)

With 32 you got a stronger password than the cryption behind, which is
meaningless.

> >For the password phrase not to be weaker than AES itself, ...
>
> That's not a meaningful criteria.

That's the ONLY meaningful criteria.

On Mon, 15 Dec 2008 17:19:38 -0800 (PST), Chrisjoy
<ultralibertarianer@gmail.com> wrote in
<b8d5f2f2-526f-4305-aead-b2ccd7676d9f@r10g2000prf.googlegroups.com>:

>Who are you to tell what is sufficient, crackpot?
With that insult you concede the debate. Thanks for saving me the time.

--
John

On 16 Des, 02:35, John Navas <spamfilt...@navasgroup.com> wrote:
> On Mon, 15 Dec 2008 17:19:38 -0800 (PST), Chrisjoy
> <ultralibertaria...@gmail.com> wrote in
> <b8d5f2f2-526f-4305-aead-b2ccd7676...@r10g2000prf.googlegroups.com>:
>
> >Who are you to tell what is sufficient, crackpot?
>
> With that insult you concede the debate. *Thanks for saving me the time..

I didn't think you would be able to produce a reasonable answer to my
valid objection, dumb ****.