Monday, 22 August 2011

How to prevent your WLAN being 'low hanging fruit' for the script kiddie next door

Stop using memorable WPA-PSK passphrases! For god sake the computer even saves them for you. There are really large rainbow tables out there that have precomputed hashes for most common passphrases. If you don't heed this warning then watch this and carry on with your life somewhere far away from any wireless network that I have to use.
The minimum number of characters for a WPA-PSK passphrase is 8. The maximum is 63. Very few users actually use more than about 20 characters. As well, they also choose known words and phrases, likely to be in a dictionary. This means that rainbow tables are likely to be effective in cracking the network relatively quickly.
To get decent protection from WPA-PSK, you should use a very long, very random, alphanumeric string longer than 20 characters. To protect yourself further, particularly against the WPA-PSK hashtables, you should use a SSID not on the top 1000 list (another very long, very random, alphanumeric string would be ideal). Failing that an original 32 character passive aggressive message to your neighbours works nicely e.g. "NiceBudgieSmugglersDouchefag" This will force the attacker to compute their own list, rather than use one of the tables.
Ideally, one should be using WPA2 with a radius server to get more reliable protection.