1

From the following answer, I understand a strong pre-shared key must be 15 characters at minimum and randomly generated:

https://security.stackexchange.com/a/56646/37051

However, from other reading, I understand that cryptographically strong passphrases can be made with diceware tools such as this one.

An example of a diceware-generated passphrase is:

under-chrome-obedience-navigator-shaping-stability-barracuda

Comparing that to a 15 character random password such as this, which is better as a WPA2 pre-shared key? 

z9zaBQj&$#7&Fpg

If the usage was not WPA2, I would pick the diceware passphrase because it is much longer while also being easier to use correctly (memorize, enter, etc.). However, I assume WPA2 may change the decision in some way. So, what is the best WPA2 pre-share key generation method? And how long should it really be?

user3382203
  • 11
  • 10
MountainX
  • 340
  • 4
  • 13

2 Answers2

7

Contrary to the originally accepted answer, a random multiword passphrase is not subject to what we usually mean when we say "dictionary attack" (that's when you just throw a large wordlist at a hash, one line at a time, maybe with a few rules thrown in). Such a simple attack would have no effect on a solid Diceware passphrase. Your seven-word Diceware-based example above, if truly randomly generated, would be randomly located in a pool of 1.7x10^27 possibilities (we often use "keyspace" as shorthand for this).

This keyspace is roughly the equivalent of a 13-character password randomly generated from the entire 95-character printable ASCII character set. Even if the password hashing method was a very fast hash (such as MD5), a 10^27 password cannot be exhausted simply by renting a few (or a few racks) of GPUs.

If this seems counter-intuitive, I encourage you to do the math. If you calculate how long it would take to exhaust a 10^27 space - see this excellent Jeremi Gosney rant on Twitter - then unless the NSA is after you (in which case, they're not going to bother with your WPA2 passphrase), either of these password methods are more than sufficient ... even if your password is stored using a really fast/bad hash like MD5.

But in this case, we're not talking about MD5. We're talking about WPA2, for which cracking speeds are much slower - for example, on the order of 2.5 million hashes per second on a 6x 1080 GPU rig. That may sound fast, but again - do the math. Even if you assume capabilities of a trillion passwords per second (nation-state grade, which would be silly, as noted above) ... it would still take 10^27 / (1000000000000 * 60 * 60 * 24 * 365) or on the order of 10^7 or 10,000,000 years to fully exhaust the keyspace.

Your seven-word Diceware passphrase is not even faintly vulnerable to a "dictionary attack". You could literally tell a professional password cracker with a roomful of GPUs exactly which dictionary you used, what the separator is, that they're all lower case, and that there are seven words in the passphrase ... and they wouldn't be able to crack that WPA2 in your lifetime.

And even if I made three major errors in this math (which is likely, since I'm typing fast) ... and even if each of those errors makes my math off by an order of magnitude ... that's still 10,000 years.

Diceware passwords are considered to be strong for a good reason: the math doesn't lie. (And they're great for WPA2 because they're easy to type into all the weird wireless gear you have in your life.)

Royce Williams
  • 9,128
  • 1
  • 31
  • 55
  • Thank you for the awesome answer. It certainly is easier to use a long diceware passphrase than it is to use a much shorter password of random characters. – MountainX Oct 07 '18 at 08:36
2

The most common WPA attacks rely on capturing enough information by monitoring network traffic in order to guess the password used to derive the PSK.

The 2 main methods of guessing are brute Force and dictionary. If an attacker knew you were using the word-word-word approach that password could be subject to a modified dictionary attack.

The 15 character password could be brute foced if the attacker had enough resources ($$$ for cloud VMs). Every extra character makes the time to brute Force a pass exponentially more difficult.

In the end, as long as you at least slightly modify the word-word-word approach, that would be a far better password than a random 15 character one. When choosing a password it's not good to use a known format, modifying it slightly is a good idea.

FYI, you may want to

Both of those attacks are new to 2018.

Federico Poloni
  • 829
  • 9
  • 15
Daisetsu
  • 5,110
  • 1
  • 14
  • 24
  • Thank you. What are the "roaming features" referred to in that article? I am not aware of any setting on my router that would enable roaming. – MountainX Oct 07 '18 at 00:20
  • Roaming is used on enterprise configurations when a device moves to an area better served by another access point https://www.networkcomputing.com/wireless-infrastructure/wifi-fast-roaming-simplified/1993108957. You probably don't have it enabled already. – Daisetsu Oct 07 '18 at 00:23