WPA-PSK How secure is it ?
- Thread starter kalimojo
- Start date
- Joined
- Oct 27, 2002
- Messages
- 13,172
- Reaction score
- 348
- Points
- 83
- Location
- Cleveland, Ohio
- Your Mac's Specs
- MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
It's more secure than WEP for sure and can probably be cracked with a lot of effort. You really should use WPA2 if it's at all an option.
- Joined
- Apr 6, 2011
- Messages
- 1,291
- Reaction score
- 43
- Points
- 48
- Location
- Louisville, KY - USA
- Your Mac's Specs
- MBP 17" 2011, 2.3GHz Intel Quad-Core i7, 8GB RAM, MacMini 2011, 2.7GHz Intel Dual-Core i7, 8GB RAM
Let's put it this way - if you see a car parked outside with the glow of a laptop screen you don't recognize, call the cops. He will be there long enough for the cops to get there and sort him out.
For a simple analogy (numbers not actual, I have never actually tried):
1. If left open, it takes no time at all to "crack" into the wifi network.
2. If WEP is used, it could take as little as several hours.
3. If WPA is used, it could take several days.
4. If WPA2 is used, it could take several weeks.
Personally, since I have caught someone attempting to gain access to mine, I have take a few extra steps. I use WPA2 and I do not broadcast my SSID. It adds an extra step to the setup, but I know it is more secure.
If you are worried about yours, make sure you are running the latest firmware on your router. Change the admin password. Change the default SSID - I recommend using the hexadecimal equivalent to whatever word/phrase you want. There are plenty of text editors that will do the equation. Don't broadcast your SSID. Make your pass-phrase something clever and with more that one word. Use hex again, if you want. Most routers can limit the connections to specific MAC address and disallow all others. This step makes for more maintenance but no machine except those specifically allowed through their unique MAC address will be allowed to connect to your network.
Now, if you are looking to attempt it, be warned, you will get a ban here.
For a simple analogy (numbers not actual, I have never actually tried):
1. If left open, it takes no time at all to "crack" into the wifi network.
2. If WEP is used, it could take as little as several hours.
3. If WPA is used, it could take several days.
4. If WPA2 is used, it could take several weeks.
Personally, since I have caught someone attempting to gain access to mine, I have take a few extra steps. I use WPA2 and I do not broadcast my SSID. It adds an extra step to the setup, but I know it is more secure.
If you are worried about yours, make sure you are running the latest firmware on your router. Change the admin password. Change the default SSID - I recommend using the hexadecimal equivalent to whatever word/phrase you want. There are plenty of text editors that will do the equation. Don't broadcast your SSID. Make your pass-phrase something clever and with more that one word. Use hex again, if you want. Most routers can limit the connections to specific MAC address and disallow all others. This step makes for more maintenance but no machine except those specifically allowed through their unique MAC address will be allowed to connect to your network.
Now, if you are looking to attempt it, be warned, you will get a ban here.
- Joined
- Apr 6, 2011
- Messages
- 1,291
- Reaction score
- 43
- Points
- 48
- Location
- Louisville, KY - USA
- Your Mac's Specs
- MBP 17" 2011, 2.3GHz Intel Quad-Core i7, 8GB RAM, MacMini 2011, 2.7GHz Intel Dual-Core i7, 8GB RAM
FWIW, WEP can be cracked in about 5 - 10 mins, not hours.
Um, "For a simple analogy (numbers not actual, I have never actually tried):"
- Joined
- Oct 27, 2002
- Messages
- 13,172
- Reaction score
- 348
- Points
- 83
- Location
- Cleveland, Ohio
- Your Mac's Specs
- MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
I was just added the facts on WEP security, wasn't intending to offend you, I read what you wrote. Sorry if you misinterpreted it.
- Joined
- Oct 27, 2002
- Messages
- 13,172
- Reaction score
- 348
- Points
- 83
- Location
- Cleveland, Ohio
- Your Mac's Specs
- MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
- Joined
- Apr 6, 2011
- Messages
- 1,291
- Reaction score
- 43
- Points
- 48
- Location
- Louisville, KY - USA
- Your Mac's Specs
- MBP 17" 2011, 2.3GHz Intel Quad-Core i7, 8GB RAM, MacMini 2011, 2.7GHz Intel Dual-Core i7, 8GB RAM
No offense taken. It's just that not knowing the intent of the original post, I wasn't going to give any hard numbers. We actually have them listed here at work (averages) for a whitepaper on why we do not support wireless connections in our office.
Tell someone it only takes 5-10 mins they are apt to try it, tell them it takes a few hours, then...
Tell someone it only takes 5-10 mins they are apt to try it, tell them it takes a few hours, then...
- Joined
- Jan 23, 2008
- Messages
- 65,248
- Reaction score
- 1,833
- Points
- 113
- Location
- Keller, Texas
- Your Mac's Specs
- 2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Hiding your SSID can also cause problems. Same with MAC filtering. But as long as everything is working right and you're logged on to the right connection, and the signal is strong and steady, it's probably OK to do so.
It would have to be a determined and clever hacker who would try to crack your WPA2 connection.
It would have to be a determined and clever hacker who would try to crack your WPA2 connection.
- Joined
- Oct 27, 2002
- Messages
- 13,172
- Reaction score
- 348
- Points
- 83
- Location
- Cleveland, Ohio
- Your Mac's Specs
- MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
IMHO all hiding the SSID does is make it more inconvenient for you or your guests. Any hacker worth anything that could actually hack into your network will find it even if you hide it anyway.
In short, the only true attacks in the wild against WPA and WPA2 are dictionary or brute force attacks against the handshake. Getting the handshake is easy; you just have to deauth someone on the target network. When they reauthenticate, you can collect the 4 way hand-shake.
If you keep your WPA-PSK over 15 characters and ensure that it is not found in a dictionary, you can be rest assured that no one is going to crack it (at least by Joe Hacker). WPA is mathematically weaker (than WPA2) and is on borrowed time but that is relative to the cryptography community. If you are worried about the govt breaking in, there are easier ways to accomplish that that running rainbow tables against your PSK.
Keep your passwords long, ensure they are not dictionary words, make the PSK unique against any other device you authenticate to, and your WPA-PSK will serve you well.
M
If you keep your WPA-PSK over 15 characters and ensure that it is not found in a dictionary, you can be rest assured that no one is going to crack it (at least by Joe Hacker). WPA is mathematically weaker (than WPA2) and is on borrowed time but that is relative to the cryptography community. If you are worried about the govt breaking in, there are easier ways to accomplish that that running rainbow tables against your PSK.
Keep your passwords long, ensure they are not dictionary words, make the PSK unique against any other device you authenticate to, and your WPA-PSK will serve you well.
M
Shop Amazon
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.