
Thread: Cracking Random Wpa Keys

  1. #31
    Junior Member
    Join Date
    May 2008
    Posts
    71

    Default

    I do understand your points guys, but here's mine, if I've only just begun to start using this type of technology and in 6 months can already shred a weak network, what about someone who wants to do bad things with this knowledge-- it is after all very free and easy to acquire-- so by creating a set of large tables and showing that it is possible to attack some of these random passkeys wouldn't that be a significant statement to send out there to anyone paying attention, that technology is very much capable of catching up with this stuff soon if not already? I'm just willing to ask this stuff because I too want to learn and help serve the community in a good way not see it destroyed by some jerk with a big wallet and spare time. Either way I think this discussion has definitely covered a lot and should be helpful to someone in the future.
    It's not always bad to ask an obvious question from a new perspective-- especially considering on a budget of less than 5 grand and a timeframe of a month represents a huge amount of data-- roughly 1 week per ssid with 2-20 billion passkeys? Just talking about it this way will and should raise some eyebrows.

  2. #32
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by Barry View Post
    I'm sure in a few to a dozen years, we'll all be carrying around computers that can easily compute these kinds of numbers with the capacity to actually store them. By then they'll have also created a new encryption scheme that is just as hard to crack then as a good wpa2 is now.

    It's funny, I was thinking along similar lines this AM, when running those rough figures.

    Students of cryptology will know this story, but it's worth repeating here:

    Alan Turing reportedly said something along those lines in the middle of WWII when he was working on cracking Enigma using Colossus and the Bombes. Supposedly he said that if it would take X years to crack a known cypher, but if a new technology would be invented in Y years that would crack the cypher in a fraction of X, and Y was significantly less than X, then you were much better off devoting your time to creating the new technology than you were in doing the straightforward cracking.

    So that's what Turing and the other heroes of Bletchley Park did, and a lot of the reason we have modern computers is a direct result of that work. It goes without saying that work is also a huge reason that none of us look at Tokyo and Berlin as the co-capitals of Earth.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #33
    Junior Member
    Join Date
    May 2008
    Posts
    71

    Default

    Very true Thorn, which is why the allies went low tech and captured an enigma machine and cipher books. Which makes me wonder if the same type of weakness exists for this type of encryption ie: are the keys truly random and could some jerk with a bunch of linked up quad cores figure out the probability of let's say the 20 billion most likely keys via statistical analysis?
    Obviously the regular, how did you guys put it, "script kiddies", whatever the heck those are-- remember I'm still new to this-- wouldn't be able to go there
    but I downloaded a free password recovery tool from some Russian company that uses the video card to crack passwords and allegedly increases the speed by something like 18 orders of magnitude (could be off here) but they were saying basically this type of thing takes what used to be months of computing work and reduces it to 3-5 days
    Is that really possible?

  4. #34
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by J05HUA View Post
    Very true Thorn, which is why the allies went low tech and captured an enigma machine and cipher books. Which makes me wonder if the same type of weakness exists for this type of encryption ie: are the keys truly random and could some jerk with a bunch of linked up quad cores figure out the probability of let's say the 20 billion most likely keys via statistical analysis?
    Obviously the regular, how did you guys put it, "script kiddies", whatever the heck those are-- remember I'm still new to this-- wouldn't be able to go there
    but I downloaded a free password recovery tool from some Russian company that uses the video card to crack passwords and allegedly increases the speed by something like 18 orders of magnitude (could be off here) but they were saying basically this type of thing takes what used to be months of computing work and reduces it to 3-5 days
    Is that really possible?
    Capturing the Enigma machines, both the M3 captured by the Poles prior to 1939 and the M4 (Triton/Shark) that the Kriegsmarine began using in 1942, helped a lot as the Allies were able to tell the wiring, and hence tell the exact algorithm used. However, the errors in use of the machines by the Wehrmacht and Kriegsmarine were what proved to be a fatal flaw. Many of the operators got sloppy and lazy in the way they implemented codes and the daily code changeovers. Much like users today who use weak passwords, the Enigma operators' misuse of the basic security protocols proved to be a huge flaw in the system.

    There's a lesson there, that might well be remembered today as fraud and 'identity theft' spiral upwards.

    Could someone find a math flaw in WPA/WPA2? Sure, but it hasn't happened yet, and people with better math skills than I possess tell me that it is unlikely. This differs widely from WEP, which math types roundly denounced as a large pile of stinking poo almost from the start.

    Google "script kiddie" and you'll find several good definitions, but essentially it's a kid, who possesses few actual computer skills, and is only able to run scripts -programs built by more skilled programmers-, without knowing how they actually work.

    Many video cards contain a secondary processor that has its own memory and is geared towards heavy number crunching, so in theory, that type of password cracker makes some sense. However, I'd really doubt a figure of "18 orders of magnitude" since that means 1,000,000,000,000,000,000 times faster. Eighteen times faster (a magnitude of slightly more than 1) seems much more realistic. (A single order of magnitude is x10; 2 orders is x100; etc.)
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #35
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Video cards are really good at doing math. If they weren't, Crysis would look like Doom. The thing is, they don't have to be super accurate like a system cpu. They only have to be accurate enough to throw pixels on the screen. If it's a little off, most people wouldn't notice. I'm sure it can be overcome in programming. I'm just not so sure on how much a performance boost you'd get with this.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  6. #36
    Junior Member
    Join Date
    May 2008
    Posts
    71

    Default

    Damn, I was hoping I didn't qualify as one of those--- better get to learning!

  7. #37
    Junior Member
    Join Date
    Apr 2008
    Posts
    48

    Default

    Quote Originally Posted by J05HUA View Post
    1.64 times 10 to the 12th power dividing by 65,000 then 60 then 60 then 24 for seconds, minutes, and hours-- wow-- I really hope my math sucks
    I was looking at that, and it seems off... If you want all possibilities of uppercase, lowercase, and 0-9, then it is 62^30. This is because the first character can be 62 different possibilities, and the same with all the rest of the 29 characters. That is also only for the 30 character words.... You would have to do 62^8 + 62^9 + 62^10 + ... + 62^30 to get how many possibilities/words in your file.

    Edit: I see Thorn already pointed out how many possibilities there are... But still don't forget to calculate the words that are less than 30 characters long

  8. #38
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    To sum up the last half dozen posts. It's going to take a really long freaking time. So long that you'll probably have some random hardware failure on the machine you're doing the computing on and have to start over.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  9. #39
    Junior Member
    Join Date
    May 2008
    Posts
    71

    Default

    Whatever happens, this has been a great discussion from my perspective, I've learned a great deal. Most of the pros, a lot more cons and accurate info from people that actually know what the hell they are talking about (myself excluded for now). It's hard to find that in one place so thanks for all your opinions and knowledge-- it will be put to use. Lots of stuff to disseminate and new things to learn about... not interested in being one of those that just use it and never want to understand it inside and out, this stuff is wayyy too interesting for complacency. Any other thoughts on the issue are most welcome.

  10. #40
    Senior Member
    Join Date
    Jan 2009
    Posts
    114

    Default

    Quote Originally Posted by Thorn View Post
    You're welcome.

    The basic formula is number of possible characters (alphanumeric) raised to the power of the number of characters. With digits, lower and upper-case letters, there are 62 possible variations for every character

    So in the case of 21 character length passwords, that's 62 ^ 21 (62 raised to the 21st power) or 4.3674252383913877424036476406215E+37

    And if not compute the "Key = PBKDF2(passphrase, ssid, 4096, 256)"
    but only write all 64 hex Key? (like test hash file, if I have understood right) The possibilities are 15^64 (1,86e+75), more or less than 42 passphrase 62^42 (1,9e+75), and some systems can use 63 chars for the passphrase (8,33e+112)

    So we cannot know the passkey, only the "hash", but the WPA is broken equally, or do I miss something?
    acer 5920g , 345abg , nvidia 8600m
    bt5 kde 64bit + acpi + cuda 4.0 / nvidia 270.40 / pyrit
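
The keyspace arithmetic from posts #37 and #40, worked with exact integers as an added example (not code from any poster in this thread). It assumes the thread's 62-character alphabet, treats the 65,000 figure quoted in post #37 as guesses per second, and checks the PBKDF2 call from post #40 against the IEEE 802.11i test vector (passphrase "password", SSID "IEEE"); all function names are illustrative.

```python
import hashlib

ALNUM = 62                 # digits + lowercase + uppercase, as used in the thread
PMK_SPACE = 2 ** 256       # every possible 256-bit key (64 hex digits = 16**64)
SECONDS_PER_YEAR = 60 * 60 * 24 * 365


def keyspace(alphabet: int, min_len: int, max_len: int) -> int:
    """Exact count of strings with length min_len..max_len (post #37's sum)."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))


def years_to_exhaust(candidates: int, guesses_per_sec: int) -> int:
    """Whole years needed to try every candidate at a fixed guess rate."""
    return candidates // (guesses_per_sec * SECONDS_PER_YEAR)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def min_len_covering_pmk_space(alphabet: int) -> int:
    """Shortest passphrase length whose keyspace is at least 2**256."""
    n = 1
    while alphabet ** n < PMK_SPACE:
        n += 1
    return n


if __name__ == "__main__":
    rate = 65_000  # assumed guesses/second, taken from the figure in post #37
    print("8 chars only   :", years_to_exhaust(keyspace(ALNUM, 8, 8), rate), "years")
    print("8..30 chars    : %.3e candidates" % keyspace(ALNUM, 8, 30))
    # Shorter lengths add only about 1/61 on top of the 30-character term.
    print("ratio to 62^30 : %.4f" % (keyspace(ALNUM, 8, 30) / ALNUM ** 30))
    # Guessing the 256-bit key directly is never cheaper than guessing a
    # random alphanumeric passphrase until the passphrase reaches this length.
    print("length matching 2^256:", min_len_covering_pmk_space(ALNUM))
    print("PMK test vector:", derive_pmk("password", "IEEE").hex())
```

Even the shortest allowed length, 8 random alphanumeric characters, takes over a century at that rate, and the 256-bit key space only becomes the smaller target once a random passphrase reaches 43 characters.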
