Philosophical possibilities in question in creating a bruteforcing wpa wordlist?
It has been a few months since I discovered Backtrack and found many things annoying until I learned them, and only now am I starting to get excited. So I thought I should create an amazing, well thought out wordlist.
I am very sceptical of dictionary wordlists. I take myself as an example. An ordinary fellow, I think, will use common password ideas for email accounts or internet web pages, social networking and that kind of thing. And by common I mean something like 'name1234' or 'name[birthdate]' or perhaps some dictionary word along with a couple of numerals. OK.
But someone with a WPA/WPA2 connection is more likely to leave the connection on day and night. So he/she would not be likely to keep entering the password again and again upon connection. Therefore, that someone would not change the default password, which is likely to be about 8-10 characters of random numerals and capital letters. In my router it was 10 characters; I don't know if that is the case for most routers. If indeed the person decided to change the default password, it would be to enter an even more complicated and longer password, which makes a dictionary attack resemble pure idiocy.
Therefore I started looking at crunch possibilities for making this amazing bruteforcing wordlist of mine, with 200 GB of space available on a hard drive. I was very quickly disappointed. Why? Well, ideally I would use all numbers and all capital letters for a bruteforcing combination of 8-10 characters, and that would cover the SMALL possibility that the person did not change his random alphanumeric key. I found out that I would need 23646 GB of space to store a wordlist with just 8-character combinations of all numbers and capital English letters... and I don't even want to imagine how long it would take to test it.
A wordlist of 8-10 characters of just the numbers would be 102 GB. An 8-character wordlist of the numbers was about 850 MB with 100 million words. I tested that but did not find a key.
So what I am asking myself is whether I should try to create several bruteforcing numeral and capital letter wordlists, picking specific numbers and letters each time, that would take reasonable space and time to run with aircrack. I will have to count on the luck factor too, though, for one of those to actually get results.
I am wondering whether some of the 10 numbers and 26 letters are used more frequently than others in default WPA keys, and how I can discover that.
Has anyone had any bright ideas for creating bruteforce wordlists that worked in getting results?
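The storage figures quoted in the post follow directly from the keyspace arithmetic, and carrying that arithmetic through makes clear why a uniformly random 8-10 character alphanumeric default key is out of reach for an exhaustive list. The block below is an added example written for this thread; it is not code from the original post, from crunch or from aircrack. The character sets and lengths are the ones discussed above; the guess rate (`ASSUMED_RATE`) is a constructed assumption used only to turn candidate counts into a time scale.

```python
import math

# Added example: keyspace, on-disk size and time-to-exhaust estimates for
# exhaustive wordlists. Character sets and lengths match those discussed in
# the thread; ASSUMED_RATE is a constructed value, not a measured figure.

DIGITS = "0123456789"
UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Assumed candidate rate in guesses per second (constructed assumption).
ASSUMED_RATE = 1000

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def keyspace(charset_size, min_len, max_len):
    """Number of candidates of every length from min_len to max_len
    over an alphabet of charset_size symbols."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def wordlist_bytes(charset_size, min_len, max_len):
    """Bytes needed to store every candidate as one text line
    (n characters plus a newline), the way crunch-style tools write them."""
    return sum(charset_size ** n * (n + 1) for n in range(min_len, max_len + 1))


def entropy_bits(charset_size, min_len, max_len):
    """Entropy of a key drawn uniformly from the whole keyspace."""
    return math.log2(keyspace(charset_size, min_len, max_len))


def years_to_exhaust(charset_size, min_len, max_len, rate=ASSUMED_RATE):
    """Years needed to try every candidate at `rate` guesses per second.
    A correct key is found, on average, after half this time."""
    return keyspace(charset_size, min_len, max_len) / rate / SECONDS_PER_YEAR


def summarize(label, charset, min_len, max_len, rate=ASSUMED_RATE):
    """Collect the figures above for one key policy as a dict."""
    size = len(charset)
    return {
        "policy": label,
        "candidates": keyspace(size, min_len, max_len),
        "bits": round(entropy_bits(size, min_len, max_len), 1),
        "gib_on_disk": round(wordlist_bytes(size, min_len, max_len) / 1024 ** 3, 1),
        "years_at_rate": round(years_to_exhaust(size, min_len, max_len, rate), 1),
    }


if __name__ == "__main__":
    policies = [
        ("digits, 8 chars", DIGITS, 8, 8),
        ("digits, 8-10 chars", DIGITS, 8, 10),
        ("digits+upper, 8 chars", DIGITS + UPPER, 8, 8),
        ("digits+upper, 8-10 chars", DIGITS + UPPER, 8, 10),
    ]
    for label, charset, lo, hi in policies:
        row = summarize(label, charset, lo, hi)
        print(f"{row['policy']:<26} {row['candidates']:>22,d} "
              f"{row['bits']:>6} bits {row['gib_on_disk']:>12,} GiB "
              f"{row['years_at_rate']:>14,} years")
```

Running it reproduces the post's 23646 GB for eight characters over digits plus capitals (36^8 lines of nine bytes each) and roughly 858 MiB for eight digits, and shows the step from digits to digits plus capitals adding about 15 bits of entropy per eight characters. The useful defensive reading is the last column: at any realistic rate, a random alphanumeric key of this length is exhausted only over decades or longer, which is why leaving such a default in place is far safer than replacing it with a memorable word.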
Re: Philosophical possibilities in question in creating a bruteforcing wpa wordlist?
The thing is, if you create such a huge wordlist it has to be tested all the way through, and that takes calculation time as well.
It would be smarter for such purposes to make some rainbow tables then.
However, I don't think there is a statistical bias large enough in the usage of any characters or letters unless words are used; you may try E, e, a, A, 9, 1 and such as a first go, though, but it's a lot of work.