Thursday, October 28, 2010

WPA Wireless Password Cracking For Fun & Profit

Many of my friends and family have heard or read my whinings about how using WEP encryption for your wireless network is a short hair away from "extremely stupid", and that you should really be using WPA (or better, WPA2). Well, I am hoping that the message has gotten through to most folks, although I must say that when I do a site survey around my neighborhood even now, I still see the occasional WEP-"protected" hotspot pop up.

But you, being smarter than the average bear, are now sitting behind a WPA-protected router at home or in your office - life is good! Welllll... maybe not. What kind of passkey did you lock it down with? Please tell me it's not your dog's name, or maybe favorite gourmet dish, or your Mom's maiden name... Is it?

The reason why I ask is this: there is at least one company out there that offers a WPA password-cracking service, for $17 a crack. Apparently it takes 40 minutes or less if your password is in their 135 million word "dictionary".

All that's required is to provide them with a "sniff" file of a wireless network that is to be infiltrated. This sniff (.pcap) file can be easily created using a laptop with a wireless card and open-source software such as aircrack-ng (even I've done it, purely in the interest of research and learning of course - and I did it using my own wireless router as the target).

Now you may be saying, "but Igor, who is going to go to the trouble of trying to hack into my network?" That's a good question, but IMO the wireless part of any network is potentially its weakest link, so why not lock it down as best you can so you don't have to worry about it?

That means you need a decent password. I won't say "excellent" or even "very good" password - you probably don't want to use the kind of gobbledegookeley password that LastPass can generate, because you might want to give some (highly) trusted person access to your wireless network. So you want a password that can be verbally relayed to someone without too much difficulty.

Remember that the kind of WPA cracking we're talking about depends on a dictionary. Even a dictionary that has 135 million words in it is not going to have bizarre combinations of words and letters (let alone punctuation marks). So how could you create a Bizarre Combination? One suggestion is to use some kind of easily rememberable number followed by a string of easily rememberable words - yet numbers and words that are not blatantly obvious to everyone that knows you. I'll throw this out:

the first address number you lived at that you remember +

high school name +

favorite gradeschool teacher

So in my case (and no I don't use this password anywhere) it would be


Now that's a pretty good password. Throwing in some punctuation and capitalization, e.g.


makes it far more unlikely (I would submit, impossible) for any dictionary to have that particular sequence in it. Easy Cheesy! And pretty easy to remember as well.

Heck, write it down on a piece of paper and put it in your desk drawer - if the miscreant who's trying to break into your network has physical access to your desk drawer, you have far bigger problems that I'll attempt to address here!

No comments:

Post a Comment