Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: What's the advantage of cracking wpa with a DB ?

  1. #11
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Airlib-ng uses the same idea as the CoFW Rainbow Tables. You have to have the SSID/passphrase combinations precomputed. The Time-Memory Trade Off remains the same. If you have SSID/passphrase combinations that are repeatable, then pre-computing the hash combinations (whether it's the CoWF WPA Rainbow Tables or via the airolib-ng PMK tables) makes sense, because you compute the hashes once, yet can use them over and over. Essentially, you are doing the brute forcing one time, but are reusing the results.

    If you have a unique SSID, creating a hash table for that SSID with a password list should work out to about the same time as a brute force attack, assuming all the other elements are equal. If you have a unique SSID and a random passphrase, the odds of cracking it approach zero.

    Again, you can't beat the math.
    Thorn
    Stop the TSA now! Boycott the airlines.

  2. #12
    Junior Member
    Join Date
    Jul 2008
    Posts
    63

    Default

    The guy says he has precomputed his db in 3 hours rotflol

  3. #13
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by alan-smithee View Post
    The guy says he has precomputed his db in 3 hours rotflol
    That might be true if he is using a small wordlist, and if it were only a single SSID.
    Thorn
    Stop the TSA now! Boycott the airlines.

  4. #14
    Junior Member
    Join Date
    Jul 2008
    Posts
    63

    Default

    But with a 135 MB wordlist ???

  5. #15
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by alan-smithee View Post
    But with a 135 Mo wordlist ???
    What unit of measure is a Mo?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #16
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote Originally Posted by alan-smithee View Post
    The guy says he has precomputed his db in 3 hours rotflol
    Regardless of the size of the wordlist his reasoning is seriously flawed. If he was able to compute the hash table in 3 hours there is no reason it should take longer than this to run the dictionary against the WPA handshake in the first place.
    -Monkeys are like nature's humans.

  7. #17
    Junior Member
    Join Date
    Jul 2008
    Posts
    63

    Default

    Quote Originally Posted by streaker69 View Post
    What unit of measure is a Mo?
    Hu, it's the french translation of Mega-Byte (Mega-octet)

  8. #18
    Just burned his ISO
    Join Date
    Sep 2008
    Posts
    1

    Default

    Hi all,
    Actually, you can stop computing and start again later from the same point with databases, that's an advantage, believe me.
    I'm currently computing a 475 millions words dictionnary, and if I had to let my computer process all day I would have some trouble using it for about a month...
    With aircrack, stopping would cause having to start all over again...

Page 2 of 2 FirstFirst 12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •