Cracking WPA-PSK

Is this statement true about cracking wpa-psk key.

WPA-PSK may be vulnerable to a brute force attack but, with the choice
of the right password, it becomes unfeasible.

Assuming a decent utility is used, a 31 character long password of
random upper- and lowercase letters and numbers results in 62^31, or
3.7x10^55 possible combinations.

If we assume 60 attempts per second, it will take more that 1.3x10^36
times the age of the universe (15 billion years) to attempt every
possible combination. The average time would be half that, or
6.5x10^35 times the age of the universe.

Even if someone were to come up with a scheme that reduced the
bruteforce time to 1 trillionth of what would be required otherwise,
it would still take 6.5x10^23 times the age of the universe. And so
on...

Unless someone find another way to get the password (e.g., can
determine from traffic (like with WEP), beats it out of me, hacks my
laptop, etc.), my WAP will remain secure until long after I'm dead.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Is this statement true about cracking wpa-psk key.
>
> WPA-PSK may be vulnerable to a brute force attack but, with the choice
> of the right password, it becomes unfeasible.
>
> Assuming a decent utility is used, a 31 character long password of
> random upper- and lowercase letters and numbers results in 62^31, or
> 3.7x10^55 possible combinations.
>
> If we assume 60 attempts per second, it will take more that 1.3x10^36
> times the age of the universe (15 billion years) to attempt every
> possible combination. The average time would be half that, or
> 6.5x10^35 times the age of the universe.
>
> Even if someone were to come up with a scheme that reduced the
> bruteforce time to 1 trillionth of what would be required otherwise,
> it would still take 6.5x10^23 times the age of the universe. And so
> on...
>
> Unless someone find another way to get the password (e.g., can
> determine from traffic (like with WEP), beats it out of me, hacks my
> laptop, etc.), my WAP will remain secure until long after I'm dead.

Here's a cool link that helps...

http://www.kurtm.net/wpa-pskgen/#keygen_a

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Is this statement true about cracking wpa-psk key.
>
Why not ask the person that wrote the article? he seems to know what he is
talking about. If you understand it that would help. It can be cracked
quite easily with the right software, all that is required is around 50MB of
data to be monitored. So keep changing the password !

> laptop, etc.), my WAP will remain secure until long after I'm dead.

Depends on how long you live and whether in your lifetime quantum
computers become the norm. If they do then all present known encryption
just becomes a whole bigger problem than your AP!

David.

> talking about. If you understand it that would help. It can be cracked
> quite easily with the right software, all that is required is around 50MB of
> data to be monitored. So keep changing the password !

For WPA-PSK? Please post the link that documents that...

David Taylor <(E-Mail Removed)> hath wroth:
>Depends on how long you live and whether in your lifetime quantum
>computers become the norm. If they do then all present known encryption
>just becomes a whole bigger problem than your AP!

Quantum computers? The tiny keyboards on todays notebook and palmtop
computers are so small, I can barely type on them. Now, you want one
even smaller? Surely you jest. Unless power consumption also scales
accordingly, the power density of the accompanying power source could
easily approach a small bomb. As the devices get smaller, the
tendency for them to be susceptible to computation errors and soft
errors (from alpha paticles, cosmic raise, etc) becomes a problem:
http://www.edn.com/article/CA454636.html
In the future people will probably still continue scribbling their
passwords in obvious places. Perhaps by then, shared key security
will follow the dinosaurs.

What I really want is a personal black hole, so I can dispose of all
the electronic and computer junk easily. Also, infinite bandwidth and
distance by communicating through a black hole or modulating
neutrinos.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Sun, 12 Mar 2006 09:54:26 -0800, Jeff Liebermann
<(E-Mail Removed)> wrote:

>David Taylor <(E-Mail Removed)> hath wroth:
>>Depends on how long you live and whether in your lifetime quantum
>>computers become the norm. If they do then all present known encryption
>>just becomes a whole bigger problem than your AP!
>
>Quantum computers? The tiny keyboards on todays notebook and palmtop
>computers are so small, I can barely type on them. Now, you want one
>even smaller? Surely you jest. Unless power consumption also scales
>accordingly, the power density of the accompanying power source could
>easily approach a small bomb. As the devices get smaller, the
>tendency for them to be susceptible to computation errors and soft
>errors (from alpha paticles, cosmic raise, etc) becomes a problem:
> http://www.edn.com/article/CA454636.html
>In the future people will probably still continue scribbling their
>passwords in obvious places. Perhaps by then, shared key security
>will follow the dinosaurs.
>
>What I really want is a personal black hole, so I can dispose of all
>the electronic and computer junk easily. Also, infinite bandwidth and
>distance by communicating through a black hole or modulating
>neutrinos.
>
Jeff, I can see your points, but I wonder how many of us
hyperventilate over an issue that is only a figment of our
imaginations. I sometimes wonder if anyone would be interested in
what is on my computer, even if I left it on and with no password
protection, in an unlocked room for years. Probably no one would
bother to even look at the damned thing.

I build my passwords using the first letters of a paragraph or
song verse from one of my books. I keep the book in the book
shelves with a hundred or so other books. The page number,
chapter number, song number, and first letters of a paragraph or
verse make very nice, easy to remember passwords, and if I forget
them I can find them in the book. But, I would think someone
determined to hack my computer would have a very hard time
breaking these passwords.

Gordon

<(E-Mail Removed)> wrote:

> Unless someone find another way to get the password (e.g., can
> determine from traffic (like with WEP), beats it out of me, hacks my
> laptop, etc.), my WAP will remain secure until long after I'm dead.

That's the problem: guessing a password isn't the only way to crack
encryption. If it were, advances in computing power could be countered
by putting a time delay in how often the access point would accept
connection requests from supplicants. (That might leave the AP more
vulnerable to denial of service floods, but would effectively immunize
it from cracking.) Unfortunately, it's also possible to derive passwords
by analyzing encrypted data. For that, the factors in play are the rate
of data transmission over the network and the method and computing
horsepower being used to do the decryption.

Gordon <(E-Mail Removed)> hath wroth:

>Jeff, I can see your points, but I wonder how many of us
>hyperventilate over an issue that is only a figment of our
>imaginations. I sometimes wonder if anyone would be interested in
>what is on my computer, even if I left it on and with no password
>protection, in an unlocked room for years. Probably no one would
>bother to even look at the damned thing.

I'm not sure how we got to the subject of passwords, but methinks the
topic is worthy of my pontification. Incidentally, I am NOT a
security expert as I don't attend security conferences and publish
papers.

I can supply the names of 2 individuals who were extremely sloppy with
their passwords (i.e. using the same password for everything) and
managed to get ripped off when someone used Paypal to empty their
account. Nobody really wants what's on your computer. What they want
is sufficient information to precipitate an identity theft. SSI
number, date-o-birth, addresses, email password, credit card numbers,
and such. If you leave thse floating around your computer, you're
asking for problems.

Also, few hackers get these by breaking into your computer. They get
them by sniffing the traffic. Keyword searches of your unencrypted
email often yields amazing amounts of information.

>I build my passwords using the first letters of a paragraph or
>them I can find them in the book. But, I would think someone
>determined to hack my computer would have a very hard time
>breaking these passwords.

I think you missed my point, although I wasn't terribly clear. The
concept of a password is by its very nature insecure. I once used the
security cameras to video tape the admin logging into the server, and
extracted the login and password. The password was quite obscure and
secure. The admin wasn't. My former neighbors 14 year old brat could
play finger hacker and read back any phone number I dialed, and most
passwords I typed.

At the same time, the wireless community seems to prefer pre-shared
keys for security. This is equally dumb as once the key leaks out,
the entire system is compromised. At the very least, a compromised
password should only compromise one machine, not the entire wireless
network. RADIUS server based authorization and authentication
delivers a one time WPA encryption key for the session, which is the
right way to do this.

Passwords also only provide the autorization part of the security
puzzle. What's lacking is the authentication part. How does the
system know that you are whom you say you are? There are a variety of
schemes for authentication ranging from X.509 certificates to 3rd
party authentication authorities (Verisign etc).

Anyway, what I was hoping was that in the future computer utopia of
quantum computing, perhaps the concept of passwords and pre-shared
keys, in any form, would do me the favor of following the dinosaur
into extinction.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

> Quantum computers? The tiny keyboards on todays notebook and palmtop
> computers are so small, I can barely type on them. Now, you want one
> even smaller? Surely you jest. Unless power consumption also scales
> accordingly, the power density of the accompanying power source could

You're missing the point entirely, it's nothing to do with size but the
nature in which they process.

http://www.qubit.org/library/intros/comp/comp.html

http://www.sciencedaily.com/releases...0604202933.htm

(and a variety of others links with a google )

David.