Re: best practices to secure home's network
From: Jeff Liebermann (jeffl_at_comix.santa-cruz.ca.us)
Date: Wed, 12 Oct 2005 22:43:31 GMT
On Wed, 12 Oct 2005 17:57:02 GMT, John Navas
>If you're going to accuse me of starting Internet rumors, at least have the
>courtesy not to snip relevant materials from my post. ;)
Guilty as charged. I'll put it back.
Just about any 8-character string a user may select will be in the
dictionary. As the standard states, passphrases longer than 20
characters are needed to start deterring attacks. This is
considerably longer than most people will be willing to use.
The PSK MAY be a 256-bit (64 hexadecimal) random number. This
is a large number for human entry; 20 character passphrases are
considered too long for entry. Given the nature of the attack
against the 4-Way Handshake, a PSK with only 128 bits of security
is really sufficient, and in fact against current brute-strength
attacks, 96 bits SHOULD be adequate. This is still larger than a
large passphrase ...
The way I read this is that the WPA-PSK pass phrase should be longer
than 20 characters but such pass phases are designated by the author
as "too long for entry" and "longer than most people will be willing
With all due respect, this is not exactly what I would call a clear
suggestion that over 20 characters is adequate WPA-PSK security and
may be safely used. It also makes no mention that only WPA-PSK is
vulnerable to such attacks and that other forms of WPA are acceptable.
Methinks it would have been better if you clearly specified the
limitations and alternatives to WPA-PSK. It's not like this is
something totally new as the problem was first identified in Nov 2003.
-- Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060 831.336.2558 voice http://www.LearnByDestroying.com AE6KS http://802.11junk.com Skype: JeffLiebermann firstname.lastname@example.org email@example.com