13 Jan, 2014 No Comments Bobby How Security Works

Wireless data is extremely vulnerable. It floats out there naked and visible on the airwaves for anyone to see. Only the strength of your password is protecting it. Are you sure it’s good enough?

To learn how to make the best wireless password ever, check out this article.

What Makes Wireless Passwords Different?

Most passwords are simply used to to give you access to something – to prove you are who you say you are. That is called authentication.

Your wireless password, on the other hand, is much more than that. Not only does it authenticate you, but it serves a dual purpose as an encryption key. The password (encryption key) is used by a complex math algorithm to scramble your data so that no one can read it as it travels through the air. The more unique and complex the key, the more unique and complex the encryption.

If you’ve purchased a new modem or router recently, you’ll see that the manufacturers are now shipping them with pre-configured wireless passwords. And if you’ve noticed, they’re extremely long and random. Annoying, right? People see that and usually change them to something simpler that they can remember.

Well manufacturers started doing that for a reason. Most people don’t understand that wireless keys are different and need to be that long and random. It’s their attempt to help you, as annoying as it may seem.

How Wireless Passwords Are Cracked

Cracking your wireless password is just a math problem. And there are only three variables they need:

  1. The encryption algorithm, or “security type”
  2. A sample of your encrypted data
  3. Time

First they’ll get close enough to listen in on your wireless connection with their laptop. By watching the traffic as it flies through the air, they can figure out what security type you’re using, as well as capture a sample of your encrypted data. The more data they capture, the easier it will be to crack. At this stage, your data looks like gibberish to them. Unless it’s not encrypted of course, in which case there’s no cracking necessary because they can already read it.

Aircrack-ng Logo

Aircrack-ng is a popular wireless cracking tool

So now they have 1) the security type and 2) a sample of your data. Next they take those home and plug them into powerful cracking software. The software processes that data over 3) time, until it is able to reverse-engineer your password from it.

So by gathering the first three parts of the equation (algorithm, data, and time), they will be able to extract the value of the last variable (key). Kind of like an algebra problem.

When a crook takes your data from you and attacks it on their own computers like this, it’s called an offline attack. This type of attack can’t be performed against normal website passwords. To attack passwords on a website, they’re required to actively attack the web server. There are usually too many precautions in place to make this effective (like locking your account after too many failed attempts).

But when they steal your data and take it home, they have no limitations and can attack it as much as they want. That’s the reason your wireless password needs to be stronger than most of your other passwords. Because there is nothing to slow them down except the amount of processing power they have available.

What Makes a Wireless Password Strong?

Given enough time, any wireless key is crackable. You can’t make one that’s guaranteed 100% safe because there are only so many key combinations available.

It’s analogous to an actual padlock and key. For the sake of argument, there’s only one key that will align all the tumbler pins in the lock. And there are only so many keys in the world. So you try each one until you stumble onto the one that works.

That seems nigh impossible, but you can increase your odds by first examining the lock to see what type of key you need. You look at the size, shape, and complexity and determine what kind of key you’re looking for.

It’s the same with digital encryption. The padlock is the encryption algorithm and the key is your encryption key (password). There are only so many combinations of keyboard characters, so there are only so many encryption keys to try. Given enough time and processing power, it’s theoretically possible to try them all. It’s only a matter of time before you stumble across the right one.

This is all done with software so it’s incredibly fast. Fast, as in thousands or tens of thousands of guesses per second or more, depending on how much processing power you have.

You can further increase your odds by trying lists of common passwords and sentences, and catering your first guesses toward what personal information you’ve gathered about the target (person you’re hacking).

To fight against this, we need to increase the number of possible keys they have to try. This is done by making the password very long and complex. Every character we add increases the number of combinations exponentially. We cannot make it impossible to crack, but we can make it take a very, very long time. Billions of years, even. We need to make it so infeasible that they have no choice but to give up eventually because they’ve lost the return on the investment.

Wireless passwords need to be so long and complex to the point where key extraction becomes a statistical impossibility over the span of several human lifetimes, at least. This should give you peace of mind that there’s no chance it will ever be cracked.

Choosing a Strong Wireless Security Type

There are only a few security types that ever get used. They’re typically WEP, WPA, and WPA2. You need to use the strongest one available because its strength is just as important as the strength of your encryption key. If you’re using a weak security type, then your password is worthless, no matter how good it is.

The strongest security type as of this writing is WPA2. The older WPA will also work in a pinch. But NEVER use WEP security. It has long since been compromised and is not good enough anymore.

Related Articles