weak wpa2 key

[Pants]

I know somebody who is using WPA2/AES for their wifi encryption. It is only 9 ascii characters.

Using wpa2 without taking advantage of the large key space available in it (not using enough characters) would make it just as crackable as wep, wouldn't it?

 

[phaZed]

No, WPA is fairly secure and is only reasonably cracked by brute forcing the password as where WEP is easily cracked by collecting ARP requests and deducing the password.

Unless the WPA password is an easy dictionary word(s) it would most likely take weeks/months/years to crack. WPA is most commonly cracked by exploiting the fundamental flaws inherent in WPS (Wifi Protected Setup). Disable WPS and apply a non-dictionary set of characters for the pass and you should be OK.

 

[YeOldeStonecat]

Read up on how wireless is cracked, and you'll find that...based on current tools....it's quite secure. Someone will have to literally "guess" the password. Think about how impractical that really is...go stare at your neighbors house and start trying to guess what their password is.

 

[frederick]

9 Characters isn't bad. My absolute minimum I tell customers is 8, and that includes uppercase, lower case, special characters, and numbers. Recommended password length (based on who you talk to) is around 8 and 14 characters. For a WiFi password, I personally go with 16 characters minimum, and later might use up to a 20 character passphrase (have been known to go way higher with WPA/2).

I've had fellow security engineers tell me it is a minimum of 13 to 18 characters (using upper, lower, special, and numbers) for brute force protection. Remember though, it has to be completely random. One of those, start writing out characters before you start pressing randomly. But honestly it all comes down to where you went to school and who taught you.

You already said it is WPA2/AES. This means someone is going to try and C-4 their way in. It's going to take them a hot minute. If it was WEP, I'd tell you to upgrade cause I'm in probably seconds. If it is WPA, I'd tell you to upgrade because chances are your WiFi device is slower than a snail when compared to these beasts of today and their Ferrari like speeds. And if WPA2 is available, and you are not using it, doing a bit of a disservice to yourself. WEP is done, plane and simple. WPA has a known flaw, though not out just yet fr whatever reason, is ok to use so long as you are using a nice password. If you have WPA2 available, use it.