[OpenWireless Tech] ANYFI IS PROPRIETARY!
Björn Smedman
bs at anyfi.net
Wed Aug 14 10:48:47 PDT 2013
On Wed, Aug 14, 2013 at 4:45 PM, Brad Knowles <brad at shub-internet.org> wrote:
> On Aug 14, 2013, at 9:16 AM, Todd Freeman <todd at chiwifi.net> wrote:
>
>> Also as amazing as the 256aes for wpa2 sounds, its about 70bits of security in
>> real world application, that is trivial to exploit. http://www.keylength.com/en/4/
>> Bscially if you wanted the amount of security you are assuming aes256 in wpa2
>> provides, you would need to be using 15MB keys, when using 2048bit keys with
>> aes256, its really about 70bits of security, not 256.
I'm not sure what AES-256 has to do with anything... The 256-bits I
was talking about is the size of the PSK used as the Primary Master
Key (PMK) in IEEE 802.11 key derivation [1].
> It strikes me that the real security you'd be getting with 8-character WPA
> passwords would be even less -- if you assume alphanumerical characters plus
> a couple of specials, that's 64 possibilities, and 64=2^6, or six bits of entropy per
> character. With eight character passwords, that would be just 6*8=48 bits of
> entropy, which is not nearly enough -- and nowhere close to the 70 bits
> mentioned above.
True, with alphanumeric characters plus a couple of specials you're
getting 6 bits of entropy per character, so 48 bits for an 8 character
passphrase.
Assuming that you know the passphrase consists of exactly 8 characters
matching that description you've got 2^48 possible combinations on
your hands. With currently known attacks against WPA-PSK it would take
you about
2^48 / 35 / 3600 / 24 / 365 = ~255 thousand CPU years
to brute force, at least if that CPU is a "poor little laptop" that
can check 35 passphrases a second, as assumed in the previously
referenced article [2]. That's the level of security that many ISPs
choose for their customers with pre-configured residential gateways,
and to me it feels like a reasonable level of security for my home
Wi-Fi network - locally or on the go.
Now, if you're not happy with that WPA allows you to enter a
passphrase of up to 63 characters giving you 256 bits of real entropy
for your 256 bit PSK [3]. (This is what I meant by "entering the full
256 bits of entropy into your PSK".) Brute forcing that key with the
same method would take you about
2^256 / 35 / 3600 / 24 / 365 = ~1E68 CPU years.
By comparison the estimated age of the universe is only about 1E10
years (that's read "a 1 followed by 10 zeros") [4]. This I would say
gives you an excellent level of security for most purposes.
Sure there are rainbow tables [5] and so on, but that's basically just
more elaborate dictionary attacks. So as long as you have a random
passphrase, with entropy somewhere in the span above, WPA-PSK still
offers a reasonable level of security IMHO.
Hope it helps,
Björn
1. IEEE Std 802.11-2012 Clause 11.6 Keys and key distribution,
http://standards.ieee.org/getieee802/download/802.11-2012.pdf
2. http://www.smallnetbuilder.com/wireless/wireless-howto/30278-how-to-crack-wpa-wpa2?start=4
3. IEEE Std 802.11-2012 Annex M.6 Suggested pass-phrase-to-PSK
mapping, http://standards.ieee.org/getieee802/download/802.11-2012.pdf
4. http://en.wikipedia.org/wiki/Age_of_the_universe
5. https://www.google.com/search?q=rainbow+tables+wpa+cracking
More information about the Tech
mailing list