Results 1 to 9 of 9

Thread: feasibility of cracking wpa

  1. #1
    Just burned his ISO
    Join Date
    Feb 2009
    Posts
    4

    Default feasibility of cracking wpa

    Just a question,

    To the best of my understanding, the way all of the wpa cracks work at present is using dictionary attacks and using these dictionary entries as possible wpa keys.
    Taking into account the fact that these key's need to be at least 8 chars long, most users will pick something as a password usually something shorter then 8 chars long and either add another word or add numbers to it.
    Thus essentially reducing the chance of it being in a dictionary or wordlist?

    i.e my old wpa password was something like kevinrules. and i assume alot of people also do this or would use a known password and add numbers to then.

    By doing this these wpa keys become very hard to crack?
    If so this would make the majority of wpa keys very difficult to crack.

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by blindnz View Post
    By doing this these wpa keys become very hard to crack?
    If so this would make the majority of wpa keys very difficult to crack.
    Exactly, especially if the user chooses a long, 63 characters is the upper limit, password cracking it using a dictionary attack becomes unfeasible.

    Of course there are always client side attacks, which in many cases is the only realistic way to go.
    -Monkeys are like nature's humans.

  3. #3
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    I still think social engineering is absolutely underrated.

    As said before: there is no patch for human stupidity
    Tiocfaidh ár lá

  4. #4
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by KMDave View Post
    I still think social engineering is absolutely underrated.

    As said before: there is no patch for human stupidity
    So very, very true. A lot of people seem to concentrate only on the new tools and exploits that come out, although the same old tricks that worked 15 years ago still work today.
    -Monkeys are like nature's humans.

  5. #5
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Even for the technical more savvy guys that applies. Once in a while one will make a mistake and boom, you got pwned by some sort of malware. I don't exclude myself here.
    Even if it is only on a testmachine/virtual machine.

    And I am talking of non intended infections.
    Tiocfaidh ár lá

  6. #6
    Just burned his ISO amphoterik's Avatar
    Join Date
    Feb 2009
    Posts
    23

    Default

    Quote Originally Posted by KMDave View Post
    I still think social engineering is absolutely underrated.

    As said before: there is no patch for human stupidity
    There is, its called training... fortunately/unfortunately (depends on who you are) that's one patch that almost never gets applied.

  7. #7
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Even if it gets applied, guess how long it will take before people forget. Give it maximum a month the training will have an actual result. Afterwards people will get back to their old behaviour, especially if it makes work more complicated for them instead of making it easier. A regular user won't understand why he should pay more attention, it just makes everything harder and he has to remember more stuff.

    In theory it is different yeah, but in the real life it is most likely like that. Sure there might be exceptions but usually it is like that.
    Tiocfaidh ár lá

  8. #8
    Just burned his ISO amphoterik's Avatar
    Join Date
    Feb 2009
    Posts
    23

    Default

    Quote Originally Posted by KMDave View Post
    Even if it gets applied, guess how long it will take before people forget. Give it maximum a month the training will have an actual result. Afterwards people will get back to their old behaviour, especially if it makes work more complicated for them instead of making it easier. A regular user won't understand why he should pay more attention, it just makes everything harder and he has to remember more stuff.

    In theory it is different yeah, but in the real life it is most likely like that. Sure there might be exceptions but usually it is like that.
    Heh, I often have a buddy of mine call random employees and say "Hi, this is Dave. I am the new IT intern. I need to fix your mailbox files, and for that I am going to need your username and password". 95% of the time they just give it to him, even though I tell them not to, and there is no intern in my department.

  9. #9
    Moderator KMDave's Avatar
    Join Date
    Jan 2010
    Posts
    2,281

    Default

    Yeah, that's exactly the point and it is the same all over the world. Users are users always the same and that won't change.

    Human stupidity, the best vulnerability since 100K years.

    No end predictable.
    Tiocfaidh ár lá

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •