+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 17
Wireless Networks Thread, WPA Passphrase Strength. Issues? in Technical; Hi All, I've setup a test SSID with a 504 bit WPA passphrase, in the belief that (a) this is ...
  1. #1
    Gongalong's Avatar
    Join Date
    Oct 2011
    Location
    United Kingdom
    Posts
    895
    Thank Post
    808
    Thanked 19 Times in 17 Posts
    Rep Power
    10

    Question WPA Passphrase Strength. Issues?

    Hi All,

    I've setup a test SSID with a 504 bit WPA passphrase, in the belief that (a) this is as strong as they get and (b) this makes it as difficult as possible to hack.

    Are there any downsides to using such a high strength passphrase e.g. (and forgive my naivety) would it make the connection slower?

    I'm checking ahead of deploying this in a wider environment.

    TIA

  2. #2
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,782
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    connection speed no, just a pain to enter on mobile devices...

  3. Thanks to chazzy2501 from:

    Gongalong (3rd July 2013)

  4. #3

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,460
    Thank Post
    646
    Thanked 1,614 Times in 1,444 Posts
    Rep Power
    419
    If you are deploying this to an enterprise then you're using the wrong security method really.

    Ben

  5. Thanks to plexer from:

    Gongalong (3rd July 2013)

  6. #4

    Join Date
    Mar 2013
    Location
    west sussex
    Posts
    519
    Thank Post
    74
    Thanked 26 Times in 26 Posts
    Rep Power
    14
    also make the SSID very long and random

  7. Thanks to ConradJones from:

    Gongalong (3rd July 2013)

  8. #5

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,460
    Thank Post
    646
    Thanked 1,614 Times in 1,444 Posts
    Rep Power
    419
    Quote Originally Posted by ConradJones View Post
    also make the SSID very long and random
    Why? the ssid is broadcast and hiding it is no security.

    Ben

  9. #6

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    The passphrase has no bearing on connection speeds, but as above, it'll be a pain for manual configurations.

    It's more important to focus on the security features of the passphrase including capitals, numbers, random characters and with a length of 8 characters or more. WPA2-PSK AES is the strongest and is highly recommended.

  10. Thanks to Michael from:

    Gongalong (3rd July 2013)

  11. #7

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,460
    Thank Post
    646
    Thanked 1,614 Times in 1,444 Posts
    Rep Power
    419
    504 0's isn't secure

    Ben

  12. 2 Thanks to plexer:

    Gongalong (3rd July 2013), tech_guy (17th July 2013)

  13. #8

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,262
    Thank Post
    242
    Thanked 1,568 Times in 1,250 Posts
    Rep Power
    340
    I think if security has to be incredibly high, making the SSID hidden, applying mac address filtering, along with what I wrote above is as strong as it gets. Alternatively ditch wireless and use Ethernet all round

  14. 2 Thanks to Michael:

    Gongalong (3rd July 2013), SovietRussia (3rd July 2013)

  15. #9

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,460
    Thank Post
    646
    Thanked 1,614 Times in 1,444 Posts
    Rep Power
    419
    But even with Ethernet you're looking at encryption and port security to make that secure.

    Ben

  16. Thanks to plexer from:

    Gongalong (3rd July 2013)

  17. #10

    Join Date
    Mar 2013
    Location
    west sussex
    Posts
    519
    Thank Post
    74
    Thanked 26 Times in 26 Posts
    Rep Power
    14
    Quote Originally Posted by plexer View Post
    Why? the ssid is broadcast and hiding it is no security.
    because the encrytion uses the SSID name together with the passkey. the more unique and long both of them are more processor time it takes to crack and much less likely that the "basic rainbow tables" pack includes your SSID and Passkey.

  18. #11
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,782
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    if I were a bank I'd do all of the above but I think a long wpa key is enough. having tried to hack my own wifi I can say it's too bloomin difficult to hack a simple key let alone a huge one. far easier to steal a laptop or login.

  19. #12

    Join Date
    Mar 2013
    Location
    west sussex
    Posts
    519
    Thank Post
    74
    Thanked 26 Times in 26 Posts
    Rep Power
    14
    Quote Originally Posted by chazzy2501 View Post
    if I were a bank I'd do all of the above but I think a long wpa key is enough. having tried to hack my own wifi I can say it's too bloomin difficult to hack a simple key let alone a huge one. far easier to steal a laptop or login.
    WEP is incredibly easy.

  20. #13
    chazzy2501's Avatar
    Join Date
    Jan 2008
    Location
    South West
    Posts
    1,782
    Thank Post
    213
    Thanked 263 Times in 213 Posts
    Rep Power
    67
    Quote Originally Posted by ConradJones View Post
    WEP is incredibly easy.
    yes I tried that it took 5 mins nice turn key app. wpa is way more involved

  21. #14

    Join Date
    Mar 2013
    Location
    west sussex
    Posts
    519
    Thank Post
    74
    Thanked 26 Times in 26 Posts
    Rep Power
    14
    Quote Originally Posted by chazzy2501 View Post
    yes I tried that it took 5 mins nice turn key app. wpa is way more involved
    agreed, and expensive.

  22. #15

    Join Date
    Dec 2009
    Location
    Woking
    Posts
    94
    Thank Post
    0
    Thanked 17 Times in 17 Posts
    Rep Power
    12
    The longer, and more random, the key the better, but generally 20 ascii characters is enough to make it very difficult to crack. If you really need security you want to look at using 802.1x which ultimately gives each wireless client a dynamic unique encryption key per session.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Linux Format, January Issue
    By kingswood in forum *nix
    Replies: 11
    Last Post: 5th December 2005, 11:02 AM
  2. Squid issues new install
    By ChrisH in forum *nix
    Replies: 5
    Last Post: 10th November 2005, 03:09 PM
  3. Gentoo issues
    By _Bob_ in forum *nix
    Replies: 1
    Last Post: 31st October 2005, 02:29 PM
  4. Exchange 2003 and Server 2003 SP1 issue.
    By tosca925 in forum Windows
    Replies: 0
    Last Post: 21st August 2005, 10:32 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •