New easy method to crack Wifi WPA2, how long a password is enough ?

[BravoV]

Just read these ...

-> Hashcat developer discovers simpler way to crack WPA2 wireless passwords

Details ...

-> New attack on WPA/WPA2 using PMKID

Slashdotted ...

-> Hashcat Developer Discovers Simpler Way To Crack WPA2 Wireless Passwords


I'm fully aware that if NSA or CIA or any gov bodies want to crack mine, it should be piece of cake and I'm not worry about that.

What I want to just to make any naughty neighbor's not that easy to crack mine, say he/she owns a powerful current desktop machine, but not on massive distributed cracking networks.

Cmiiw, after reading, in order to make the hacking harder is just make the password long enough and consist of long random letters numbers, something like : J02Hcpqzx92Jiqm34xZ ... and etc

Also I'm not worry to memorize it as it will be typed only once at each gadget I own at home.

I haven't checked yet if mine is vulnerable, I use quite a recent model dual band wifi router at home, still on WPA2.


The question is, how long a WPA2 password is needed that has a "relatively" good enough to make it not that easy, or at least not that quickly decoded, say like it will take few months maybe ? Or even years with the current latest powerful desktop ?

Any other thoughts are welcome.

[Leiothrix]

As long as it is longer than 22 characters it doesn't really matter how long it is as it gets turned into a 128 bit key anyway.

There's a nice discussion on slashdot about this.  The dup will be along in a couple of hours for those that missed it the first time too 

[BravoV]

As long as it is longer than 22 characters it doesn't really matter how long it is as it gets turned into a 128 bit key anyway.

Great  , as I am a noob on this matter, 22 characters it is, changed. 

Any idea how long it takes approximately to crack it at say at a recent octa cores desktop ?

[Halcyon]

The question is, how long a WPA2 password is needed that has a "relatively" good enough to make it not that easy, or at least not that quickly decoded, say like it will take few months maybe ? Or even years with the current latest powerful desktop ?

Any other thoughts are welcome.

There really isn't one answer to this question. It really depends on the hardware of the cracker. Personally, I use WPA2 Enterprise which uses a username/password and certificate combination to authenticate. That's "best practice" when it comes to Wi-Fi networks but usually beyond the capabilities of a home user. If I were to use regular WPA2, I'd be recommending you use a password of at least 12 characters (upper and lower case, digits and special characters).

On my "legacy" Wi-Fi network I use a password exceeding 24 characters. I also highly recommend you disable 802.11r (Fast BSS transition) if your access point supports it.

There are other ways you can limit your exposure to malicious users but this is where you need someone who really knows their wireless/network security well.

[helius]

PMK is an extension that allows for BSSID roaming. If you have a single AP network it should not be enabled anyway.