4

I'm auditing my network setup and trying to determine an appropriate password length with a random set of digits and numbers. I found a Security Stack Exchange answer but it was written in 2012 and wanted to see if the recommendation has changed since then.

Rory Alsop

  • *"Also a secondary question. ..."* - if you have multiple mostly independent questions please use multiple posts. Don't pack everything you want into a single one - it will be closed as too broad. – Steffen Ullrich Dec 11 '20 at 15:17
  • Stop thinking of randomized long passwords, and start thinking of pass phrases. Choosing 6 random words out of a dictionary and combining them is A. Faster to type B. more secure (as far as a password that is able to be remembered by a human) and C. easy to remember – john doe Dec 11 '20 at 20:26

2 Answers

3

For a slow hash like WPA2, that 2012 advice ("12 random ASCII chars is good enough") still holds, including the accompanying entropy/keyspace analysis. From the real-world attacker perspective, I can tell you that such plains, hashed with WPA2, are beyond reach in most realistic threat models, due to the sheer number of combinations.

For UX (ease of typing, ease of telling a visitor, etc.), you might consider using a passphrase of equivalent entropy (or more intuitively, number of possible combinations) instead.

Royce Williams
2

The ultimate question is how much entropy your password or passphrase has. We assume that an attacker knows from what set you generated your passphrase, so we'll consider that.

If you picked 12 characters from upper- and lower-case letters, that's 62 options, so ln 62^12 / ln 2, which is about 71.45 bits of entropy. If you pick from all non-space printable ASCII characters, of which there are 94, you get ln 94^12 / ln 2, which is a little more than 78 bits of entropy.

For the typical home network, this is probably fine, especially since the likelihood is much better that someone is going to exploit your router's firmware unless you have reasonably good firmware update practices and a competent manufacturer.

Note that sorting the characters in the password does decrease the security, since we know that all digits are first, followed by all lower-case letters, followed by all upper-case letters. Therefore, if we're attacking your passphrase and we've guessed a lower-case letter, we know that the number of possibilities for subsequent characters is smaller.

If you really want to pick a good passphrase, then aim for 128 bits of entropy. You can do this in a couple of ways:

  • Generate a random 128-bit string and Base64-encode it.
  • Take a word list with a large number of words (e.g., the BIP 0039 one) and randomly pick several words from it. The one I provided has 2048 words, so each word provides 11 bits of entropy.
  • Generate a random 128-bit string and encode it with the Bubblebabble encoding, which creates a printable passphrase from a binary string. It alternates consonants and vowels, with the occasional hyphen.

Note that WPA2 passphrases are limited to 64 characters.

These last two options are a lot friendlier to people who need to use your Wi-Fi network. My current network password is a 20-character random ASCII string and my friends have complained bitterly.

While picking an impossible-to-type passphrase will mean that your network is more secure (since nobody can use it), most people wish to actually use their computer systems, so it's important to balance security and usability. This is probably the most important thing to remember about security in general.

bk2204

  • Separate from the other embellishments, if you simply calculate the total number of possible combinations of a random 128-bit (16-byte) string, and then compare that to how fast a single WPA2 can be attacked with a tool like hashcat, and then assume a fanciful amount of global hashing capacity and even add a few decimal points on top of that ... the sheer math of whether this matches any conceivable threat model should be clear. – Royce Williams Dec 13 '20 at 03:07
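The entropy arithmetic in both answers (12 symbols from 62 or 94 characters, 11 bits per BIP 0039 word), the loss from sorting the characters, and the first two generation options can be checked with a short script. The following is an added example written for this page, not code from either answerer. The 16-entry word list is a constructed toy stand-in for a real 2048-word list, and `fits_wpa2` uses the 802.11i rule that an ASCII passphrase is 8 to 63 printable characters (the 64-character form is the raw hex PSK, not a passphrase).

```python
import base64
import math
import secrets
import string

# Character sets from the answer: 62 alphanumerics, and the 94 printable
# ASCII characters other than space (codes 33..126).
ALNUM = string.digits + string.ascii_letters
PRINTABLE_94 = "".join(chr(c) for c in range(33, 127))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a string drawn uniformly from alphabet_size**length
    possibilities: log2(alphabet_size**length) == length * log2(alphabet_size)."""
    return length * math.log2(alphabet_size)


def words_needed(wordlist_size: int, target_bits: int = 128) -> int:
    """Fewest uniformly chosen words from a list of that size to reach target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def sorted_keyspace_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on the keyspace (in bits) once the password is fully sorted:
    a sorted string is just a multiset of `length` symbols, and there are only
    C(alphabet_size + length - 1, length) of those."""
    return math.log2(math.comb(alphabet_size + length - 1, length))


def random_chars(alphabet: str, length: int) -> str:
    """Password of `length` symbols drawn with the CSPRNG-backed secrets module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def base64_passphrase(nbits: int = 128) -> str:
    """Option 1 from the answer: random bits, Base64-encoded (24 chars for 128 bits)."""
    return base64.b64encode(secrets.token_bytes(nbits // 8)).decode("ascii")


def wordlist_passphrase(wordlist, target_bits: int = 128, sep: str = " ") -> str:
    """Option 2 from the answer: enough uniformly chosen words to reach target_bits."""
    n = words_needed(len(wordlist), target_bits)
    return sep.join(secrets.choice(wordlist) for _ in range(n))


def fits_wpa2(passphrase: str) -> bool:
    """802.11i ASCII passphrase rule: 8..63 characters, each printable ASCII (32..126)."""
    return 8 <= len(passphrase) <= 63 and all(32 <= ord(c) <= 126 for c in passphrase)


# Constructed toy word list (16 words, 4 bits each). A real list such as
# BIP 0039 has 2048 words, 11 bits each, so 12 words give 132 bits.
TOY_WORDS = ("apple", "brick", "cloud", "delta", "eagle", "flint", "grape",
             "honey", "ivory", "jelly", "kiosk", "lemon", "mango", "noble",
             "olive", "pearl")

if __name__ == "__main__":
    print(f"12 alphanumerics       : {entropy_bits(62, 12):.2f} bits")
    print(f"12 printable ASCII     : {entropy_bits(94, 12):.2f} bits")
    print(f"12 alphanumerics sorted: <= {sorted_keyspace_bits(62, 12):.2f} bits")
    print(f"BIP 0039 words for 128 bits: {words_needed(2048)}")
    for p in (random_chars(PRINTABLE_94, 12), base64_passphrase(),
              wordlist_passphrase(TOY_WORDS)):
        print(f"fits WPA2={fits_wpa2(p)!s:5} {p}")
```

Running it reproduces the 71.45 and 78.66 bit figures, shows that fully sorting 12 alphanumerics leaves at most about 44 bits of keyspace, and makes the word-list size trade-off concrete: with only 16 words the 128-bit passphrase needs 32 words and no longer fits the 63-character WPA2 limit, whereas a 2048-word list gets there in 12.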