On 01/08/2019 01:44, Reco wrote:
On Wed, Jul 31, 2019 at 02:32:25PM +0100, Brian wrote:
On Wed 31 Jul 2019 at 16:07:33 +0300, Reco wrote:
On Wed, Jul 31, 2019 at 07:58:54AM -0400, Celejar wrote:
mathematical analysis of how much hardware would be necessary to crack
a good WPA2 password. I've seen lots of sites explaining how to use
hashcat with a GPU, and various real-world tests on lists of hashed
passwords (e.g., [1]), but can you provide a serious analysis of the
practical cost, in time or hardware, of cracking a real-world WPA setup?
Cost - Amazon will take 11c per hour for that VM that comes with NVIDIA
Tesla videocard.
Said hour is more than enough to bruteforce 8 character WPA passphrase
with hashcat.
In the context of a home user producing a secure wireless configuration,
a 64 random character passphrase works wonders. The sky is not about to
fall in.
Agreed. If 64 character password is reasonably random, bruteforcing it is
economically unfeasible. With obvious exceptions, of course.
Entering such password to a device is somewhat tedious though.

Especially tedious on devices with limited input interfaces, such as smart TVs, game consoles, and printers. Restricting the WPA2 passphrase to digits and lowercase letters reduces entropy but makes input more bearable. Seeing the reaction of guests when they are handed a piece of paper with a long random WPA2 passphrase: priceless. It never gets old. :-D

Kind regards,

Ben Caradoc-Davies <b...@transient.nz>
Transient Software Limited <https://transient.nz/>
New Zealand

Reply via email to