Can anyone provide a brief summary of the state of the art of WPA cracking? How many bits of entropy do I need in my wireless password these days to deal with cloud GPUs?
80-bit of entropy, generated from a 6-word diceware is sufficient for almost every application. The real issue in WPA is the lack of forward secrecy, without it, once the passphrase is known, all previously recorded traffic is revealed.
nobody is going to spend the atrociously high cost of cloud gpus to crack someones home wifi password in an un-targeted attack. your home wifi threat actor is your neighbors kid playing with aircrack.
in a corporate environment, use wpa2-enterprise, then password entropy doesnt matter quite as much.
I'm not disagreeing with you but you might be interested to know that there's a distributed WiFi password cracking project. You can upload packet captures and other people will extract the handshake(s) and volunteer GPUs to crack them. The passwords aren't made available but you can see if someone managed to crack the password.
I've tried setting up WPA2 Enterprise but have been unable to set it up in a way that works with all client hard/software in the enterprise. Windows was especially horrible. Most Linux distros and OSX seemed to kind of Just Work for the most part.
If anyone knows of a WPA2 Enterprise setup guide that works well with minimal hassle (no CA/certificate installation hell, Linux+BSD+OSX+Windows as old as 8), I'd be eternally grateful.
I know at least a couple of hackers who cracked other people's wifi, and used a yagi to not just crack their their closest neighbour but someone a bit further away (for safety).
Last time I ran the numbers an ISP default pattern password for ISPs around where I live (assuming perfect randomness within the ISP's pattern) was like $70 on Google Cloud GPUs (with half that on average).
And if your wifi has a default pattern SSID, then it probably has a default pattern password.
$70 is not atrociously high cost for a "last mile" security hop.
And if you have a botnet already then it's free.
These are people who would crack your wifi for the lulz (and have the stolen capacity to do it), get your house raided because they hack companies from behind your Internet connection...
... and then are stupid enough to when they hack and get access to a sensitive government database run a search for their own fucking name... and members of their family.
I thought enterprise was even more fucked thanks to the horror that is MSCHAPv2 and that no one bothers to setup the PKI stuff to authenticate the APs.
In WPA-EAP the AP is not active part of the authentication flow (it only forwards the frames) and as such does not directly authenticate itself to the client (it happens indirectly by the fact that it can forward the frames).
The configuration space of WPA-EAP is huge and most combinations are horribly insecure, but as long as you stick with one of the "tunnel everything through TLS" EAPs (EAP-TTLS or PEAP) the result is safe against passive attackers even when you don't verify server certificates (obviously you should verify the certificates, because the active attack is trivial and does not have to interact with your network).
This is the model for "Eduroam" (Academics and students at various educational institutions, particularly in Europe but these days around the world have a single network). Each device is configured with certs for their home institution, their username lets any member figure out where that home institution is, and so their password or other authentication flows only to an IdP for that institution, which under the Eduroam agreement is trusted to authenticate them at all other member institutions.
So you set up "eduroam" once on your phone, and then it works the same in a lecture theatre at Stanford, or in Nantes (France). So that's nice, and as dfox observes the AP isn't much involved, so the inevitable frailty of individual WiFi setups in less sophisticated institutions isn't a huge flaw in Eduroam or a grave risk for your home institution.
You can do it without MDM, just distribute via an https webpage. Most universities do this, because it is 90% byod or guest access (you can only be enrolled in one MDM).
So guests coming to your home would need to first download certificates in order to be able to trust your network. But they would then need to trust that certificate not to be used to MITM their own EAP servers... This doesn’t sound very user friendly. Am I missing something?
With home security systems being hooked up to WiFi these days and a cost of cracking a WPA password being less than $100 a casual targeted attack isn’t that unlikely.
> your home wifi threat actor is your neighbors kid playing with aircrack.
When working for an ISP it came up quite a few times that customers had extensive questions about security because they were genuinely worried about their ex-spouse spying on them. Even if they were all just "paranoid" in their specific cases (I wouldn't know), I think it's a fair concern. If all it takes is some googling and a bit of money to rent cloud GPU's, well, scorned lovers have done way more expensive and less effective things to cause damage or violate privacy.
Not to get into WPA's many failures but purely in terms of auth: At this point WiFi and email auth alone I think is enough reason to learn at least very minimal free MDM for your devices and family devices. I think a fairly significant number of networks fall into the categories private personal (which mainly involve a limited number of specific users and devices), organization (which can handle better auth anyway), or public/guest (which should either be open/"open" or use a portal). In all those cases you can do away with ever needing to manually enter a password via supplying it via a profile, using RADIUS, or a portal, and in turn be free to just have any password itself match 2^256 bits. Even for edge cases I think better distribution strategies make more sense going forward then trying to figure out what an "easy" password can be (and how to rotate it) while still being secure. Just like password managers with websites, we're past the point where we should be using human memory or manual input in general at all.
Sorry I missed this, though this would probably make for an interesting Ask HN question by itself in terms of what the current best practices are. But for shear simplicity I'd probably start by looking at 1st party solutions: Apple's Configurator 2 and Google's Android Device Manager. macOS was also updated to support mobileconfig files a while back, so you can make profiles to deploy there too. That is probably about as minimal as it gets: simple applications that generate a file which can be distributed over USB or via messages or email and such to set up a range of functions. Setting up a server and command line generation of your own files and such (some tools like the Algo VPN maker will make deployable profiles themselves for ease of use) can be fun, but for a handful of your own private devices with relatively static settings it can be overkill too. A profile may be plenty good enough, and can also just plain save a bit of time by making it easier to load up a bunch of email accounts for example. Also, for the Apple case specifically, they perhaps unsurprisingly expose a lot less functionality in the native mass market user aimed UI then their devices actually support. iOS devices have native support for S/MIME certs for example, but you need to a profile to add them.
Anyway I'd suggest trying those first before digging into server setups or cloud offerings or the like.
