The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

  • Subscribe

  • Xavier’s tweets

    Error: Twitter did not respond. Please wait a few minutes and refresh this page.

  • Goodreads

  • Enter your email address to follow this blog and receive notifications of new posts by email.

    Join 1,186 other followers

  • Blog Stats

    • 52,406 hits

How Long Is Too Short for WPA Keys?

Posted by Xavier Ashe on November 21, 2005

George Ou pointed out a few days ago that a good key could be seven characters long:
He argues that there’s sufficient entropy with just seven characters
with A-Z, a-z, and 0-9—although WPA passphrases must be at least eight
characters long. He also omits punctuation, which would add more fuzz
into the system for those trying to crack keys.

His approach is fundamentally consistent with Robert Moskowitz’s much linked-to paper on key weaknesses in WPA passphrase choice.
In that Nov. 2003 paper, Moskowitz notes that dictionary-based short
passphrases have a high degree of weakness, but that random values
could be as short as 96 bits (which could be represented as 12 hex
characters) and still be resistant to brute force attacks.

From Wi-Fi Networking News.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: