Thread: WPA/2 cracking speed

  1. #1
    Just burned his ISO
    Join Date
    Dec 2008
    Posts
    9

    WPA/2 cracking speed

    When trying to crack my WPA key with a dictionary attack I get about 4 words per second. What determines the cracking speed? Signal strength? Computer power? Or something else?

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Quote Originally Posted by hackabear View Post
    When trying to crack my WPA key with a dictionary attack I get about 4 words per second. What determines the cracking speed? Signal strength? Computer power? Or something else?
    When using a program like aircrack-ng, which I assume that you are, the speed will be determined by your processor and to some degree the amount of RAM you have. It is recommendable to use a dictionary that is smaller in size than the amount of available RAM you have.
    -Monkeys are like nature's humans.

  3. #3
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote Originally Posted by hackabear View Post
    When trying to crack my WPA key with a dictionary attack I get about 4 words per second. What determines the cracking speed? Signal strength? Computer power? Or something else?
    Using a pre-calculated rainbow table will speed up cracking by 3+ orders of magnitude.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  4. #4
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Quote Originally Posted by theprez98 View Post
    Using a pre-calculated rainbow table will speed up cracking by 3+ orders of magnitude.
    True, but the probability of having a table with the correct SSID on hand is low. Most of my clients wised up and don't use the default SSID or their company name anymore. If the company is ABC then the SSID is NOT ABC but ABCcorp or ABCinc. Not SSIDs that I have a rainbow table for. But it's kind of moot as most don't use WPA/WPA2. If they learn to not use WEP I might be out of work.
    I like the bleeding edge, but I don't like blood loss

  5. #5
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote Originally Posted by bofh28 View Post
    True, but the probability of having a table with the correct SSID on hand is low. Most of my clients wised up and don't use the default SSID or their company name anymore. If the company is ABC then the SSID is NOT ABC but ABCcorp or ABCinc. Not SSIDs that I have a rainbow table for. But it's kind of moot as most don't use WPA/WPA2. If they learn to not use WEP I might be out of work.
    So, find the SSID and make a table specific to that SSID!
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

  6. #6
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Quote Originally Posted by bofh28 View Post
    True, but the probability of having a table with the correct SSID on hand is low. Most of my clients wised up and don't use the default SSID or their company name anymore. If the company is ABC then the SSID is NOT ABC but ABCcorp or ABCinc. Not SSIDs that I have a rainbow table for. But it's kind of moot as most don't use WPA/WPA2. If they learn to not use WEP I might be out of work.
    Quote Originally Posted by theprez98 View Post
    So, find the SSID and make a table specific to that SSID!
    Exactly. Compute your own table. While it isn't orders of magnitude quicker, it's still on the order of 2-3 times quicker than just a straight dictionary attack. Theprez98 previously conducted some tests along these lines, and wrote about it in a thread on these forums. Search on "time memory tradeoff", and you'll get a good idea of how it works.
    Thorn
    Stop the TSA now! Boycott the airlines.

  7. #7
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Quote Originally Posted by Thorn View Post
    Exactly. Compute your own table. While it isn't orders of magnitude quicker, it's still on the order of 2-3 times quicker than just a straight dictionary attack. Theprez98 previously conducted some tests along these lines, and wrote about it in a thread on these forums. Search on "time memory tradeoff", and you'll get a good idea of how it works.
    http://forums.remote-exploit.org/showthread.php?t=7384
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";
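
Why the speed is CPU-bound and why a precomputed table fits only one SSID, as an added example that is not part of the thread: WPA/WPA2-PSK derives its master key with PBKDF2-HMAC-SHA1 over 4096 iterations, using the SSID as the salt. The function names and sample passphrases are constructed for illustration; the ABC and ABCcorp SSIDs are the ones mentioned in the posts above.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365 * 24 * 3600


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def table_reusable(passphrase: str, table_ssid: str, network_ssid: str) -> bool:
    """A precomputed entry only helps if both SSIDs yield the same key."""
    return derive_pmk(passphrase, table_ssid) == derive_pmk(passphrase, network_ssid)


def derivations_per_second(samples: int = 20) -> float:
    """Measure how many key derivations this CPU core manages per second.
    No radio is involved, so signal strength has no influence on the rate."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"constructed-{i:04d}", "ABCcorp")  # constructed inputs
    return samples / (time.perf_counter() - start)


def years_to_exhaust(alphabet_size: int, length: int, rate: float) -> float:
    """Defender's sizing: years needed to try every passphrase of this shape."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Same passphrase, two SSIDs from the thread: the keys share nothing.
    print(derive_pmk("password", "ABC").hex())
    print(derive_pmk("password", "ABCcorp").hex())
    print("table for ABC usable on ABCcorp:", table_reusable("password", "ABC", "ABCcorp"))

    rate = derivations_per_second()
    print(f"{rate:.0f} derivations/s on one core")
    # Compare a short numeric passphrase with a long mixed-case alphanumeric one.
    print(f"8 digits:          {years_to_exhaust(10, 8, rate):.2e} years")
    print(f"16 alphanumerics:  {years_to_exhaust(62, 16, rate):.2e} years")
```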

  8. #8
    Good friend of the forums
    Join Date
    Jan 2010
    Location
    outside chicago, il
    Posts
    442

    Interesting reading. Thank you for pointing it out. I will definitely need to work on getting airolib to work.

    Thanks,
    I like the bleeding edge, but I don't like blood loss

  9. #9
    Just burned his ISO
    Join Date
    May 2008
    Posts
    24

    Hello

    I do not know much about it. But does your client use TKIP over WPA?

    I did see there is a flaw in TKIP which allows decrypting any PSK very fast if it's being used. However, I do not know which tool does the job.

    Maybe someone in the forum knows and can post a small tutorial...

    Cheers
