How Long Is Too Short for WPA Keys?

George Ou pointed out a few days ago that a good key could be seven characters long:
He argues that there’s sufficient entropy with just seven characters
with A-Z, a-z, and 0-9—although WPA passphrases must be at least eight
characters long. He also omits punctuation, which would add more fuzz
into the system for those trying to crack keys.

His approach is fundamentally consistent with Robert Moskowitz’s much linked-to paper on key weaknesses in WPA passphrase choice.
In that Nov. 2003 paper, Moskowitz notes that dictionary-based short
passphrases have a high degree of weakness, but that random values
could be as short as 96 bits (which could be represented as 12 hex
characters) and still be resistant to brute force attacks.

From Wi-Fi Networking News.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s