Thanks for all the really great additional replies. This is very informative information. I didn't expect such a response.
I love the container feature. You might try out an add-on called 'Temporary Containers'. It uses the Firefox containers, but allows for many additional options and an easy way to manage it all. I wouldn't want to be without it.
1 Like
I just love the mathematical aspect, since that is my background. This will probably only be of interest to a few readers in here, but here is some more math with regards to brute forcing it against a password. I will use orders of magnitude as approximations, just to make the calculations easier. With a 63-character random password there are 10^124 possibilities. The latest super-computer can do 200 quadrillion calculations per second, so let's say 10^17 per second. That's a pretty powerful computer. That means it would take about 10^107 seconds to brute force it. Let's say there are 10^7 seconds per year, so that's about 10^100 years. Say the universe is approximately 10^10 years old, so we are at 10^90 lifetimes of the universe to brute force it using the best supercomputer of today.
Yes, this doesn't take into account Moore's law and how fast computers are evolving, or how much faster this will be once quantum computing is fully available (but then again, once quantum computing is used to try a brute force attack quantum computing will also be used on what is being brute forced, so no real net gain there). The moral to this story is that even though the fastest super-computer in the world seems insanely fast, it is absolutely dwarfed by the challenge of brute forcing a 63-digit random password. Brute force is strictly for weak passwords, in my humble mathematical opinion.
1 Like
I think you are correct that most people have the password on many devices, and I can see how that could be a real issue. In my case there are no smart phones, no IoT devices, no streaming TV packages, nothing has the WiFi password (that I gave it) except the one aforementioned locked down desktop. I guess that was one reason why I wasn't too concerned with that as an issue. But it is good to keep that in mind in case my situation changes at some point.
I was more concerned with someone finding it if they hacked the computer, but as has been pointed out, and I suspected, if someone has pwned the comp, having the WiFi password is close to last on the list of my worries at that point. This has been a great discussion in this thread.
While not recommended, even a short text key is converted into a 256-bit key. 2^256 is big if you're looking randomly through it. Small if you like 'password' or 'pa$$w0rd'
2 Likes
You can encode the clear password using 'wpa_passphrase' on a Linux box having it (OpenWrt does not). The encoded psk can be used both on AP and on clients.
Here is an example:
raspbian# wpa_passphrase OpenWrt
reading passphrase from stdin
mySecretPassword << entered manually, but could read from file
network={
ssid="OpenWrt"
#psk="mySecretPassword"
psk=086bc062625d313b3703b2130e7889a0e7af74b3b0e0e5a591474957a0f33cb8
}
in /etc/config/wireless, replace the "option key" value with the encoded psk.
- Don't forget to re-encode in case you change the SSID *
Which doesn't make it anymore secure, nor encrypted in any sense of the word. You can use the plaintext PSK or the hexadecimal representation of the PSK interchangeably, anywhere.
3 Likes