Re: best practices to secure home's network

From: Jeff Liebermann (jeffl_at_comix.santa-cruz.ca.us)
Date: 10/13/05


Date: Wed, 12 Oct 2005 22:43:31 GMT

On Wed, 12 Oct 2005 17:57:02 GMT, John Navas
<spamfilter0@navasgroup.com> wrote:

>If you're going to accuse me of starting Internet rumors, at least have the
>courtesy not to snip relevant materials from my post. ;)

Guilty as charged. I'll put it back.

   Just about any 8-character string a user may select will be in the
   dictionary. As the standard states, passphrases longer than 20
   characters are needed to start deterring attacks. This is
   considerably longer than most people will be willing to use.
(...)
   The PSK MAY be a 256-bit (64 hexadecimal) random number. This
   is a large number for human entry; 20 character passphrases are
   considered too long for entry. Given the nature of the attack
   against the 4-Way Handshake, a PSK with only 128 bits of security
   is really sufficient, and in fact against current brute-strength
   attacks, 96 bits SHOULD be adequate. This is still larger than a
   large passphrase ...

The way I read this is that the WPA-PSK pass phrase should be longer
than 20 characters but such pass phrases are designated by the author
as "too long for entry" and "longer than most people will be willing
to use".

With all due respect, this is not exactly what I would call a clear
suggestion that over 20 characters is adequate WPA-PSK security and
may be safely used. It also makes no mention that only WPA-PSK is
vulnerable to such attacks and that other forms of WPA are acceptable.
Methinks it would have been better if you clearly specified the
limitations and alternatives to WPA-PSK. It's not like this is
something totally new as the problem was first identified in Nov 2003.

-- 
Jeff Liebermann  150 Felker St #D Santa Cruz CA 95060
831.336.2558 voice         
http://www.LearnByDestroying.com           AE6KS
http://802.11junk.com      Skype: JeffLiebermann
jeffl@comix.santa-cruz.ca.us    jeffl@cruzio.com
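
Added example (not part of the original post or of the text it quotes): a Python sketch that relates the 96-bit, 128-bit and 256-bit figures quoted above to passphrase length and generates keys of that strength. It assumes every character is drawn uniformly at random, so human-chosen phrases carry less entropy per character; the function names are hypothetical, and the passphrase-to-PSK mapping (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) comes from the 802.11i standard rather than from this page.

```python
import hashlib
import math
import secrets
import string

# WPA-PSK passphrases are 8 to 63 printable ASCII characters (0x20-0x7e).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "
ALNUM = string.ascii_letters + string.digits


def random_chars_for_bits(bits, alphabet_size):
    """Fewest uniformly random characters giving at least `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))


def new_raw_psk():
    """256-bit random PSK as 64 hex digits, for devices that accept a raw key."""
    return secrets.token_hex(32)


def new_passphrase(bits=128, alphabet=ALNUM):
    """Random passphrase with at least `bits` of entropy, within WPA limits."""
    n = random_chars_for_bits(bits, len(alphabet))
    if not 8 <= n <= 63:
        raise ValueError("target does not fit in an 8-63 character passphrase")
    return "".join(secrets.choice(alphabet) for _ in range(n))


def derive_psk(passphrase, ssid):
    """802.11i passphrase mapping: PBKDF2-HMAC-SHA1, SSID salt, 4096 rounds."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8-63 characters")
    if any(c not in PRINTABLE for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode(), 4096, 32)
    return key.hex()


if __name__ == "__main__":
    print("alphabet           96 bits  128 bits")
    for label, size in (("lowercase", 26), ("alphanumeric", 62),
                        ("printable ASCII", 95)):
        print(f"{label:<18} {random_chars_for_bits(96, size):>7}"
              f"  {random_chars_for_bits(128, size):>8}")
    phrase = new_passphrase()            # constructed sample, new on each run
    print("passphrase:", phrase)
    print("derived PSK for SSID 'example-ssid':",
          derive_psk(phrase, "example-ssid"))   # SSID is a placeholder
    print("raw 256-bit PSK:", new_raw_psk())
```

The table it prints shows that even fully random lowercase text needs 21 characters to reach 96 bits, which is the gap between what is sufficient and what people are willing to type that the quoted text describes.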