[Tfug] Slightly OT crypto question (WiFi/WPA)
Angus Scott-Fleming
angussf at geoapps.com
Sun Dec 13 12:57:08 MST 2009
On 13 Dec 2009 at 10:22, David Rice wrote:
> I think that's a good password for dictionary attacks, but if you're
> really concerned about other attacks then you need to log authentication
> attempts and alert on some sort of threshold of bad attempts. Long
> passwords won't cover deauthentication attacks; this is where you force
> the client to disconnect and you capture the authentication attempt,
> then brute force that using rainbow tables offline.

Just use the longest possible password your WPA router will support; that will
stop the brute-force/rainbow table attacks, which focus entirely on shorter
passwords (can't remember if they're up to 8 or 12 chars in the tables now). Set
your password using a random-number generator (http://grc.com/password.htm is a
good free source), then just copy the 63-char pwd to a USB key and use that ...

> So I would also hard code the MAC addresses that you trust if you're really
> worried about it.

That MAC-address filtering provides any additional security these days falls
under the category of "urban myth", as does the idea that hiding the AP's SSID
is a security measure. Every OS now includes MAC-address spoofing, so
hard-coding MAC addresses won't help at all since your MAC address AND the
"hidden" SSID of the AP are both broadcast in every packet.

HTH
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038