Results 1 to 6 of 6

Thread: Beginner's question on WPA crack

  1. #1
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    6

    Default Beginner's question on WPA crack

    I would like to know that if you must have a good dictionary to crack WPA password? for example, if my AP password is remote_exploit. And in my dictionary, I didn't include this word there... does this mean I will not be able to crack it?

    Second question.. is there any other method for cracking WPA without using DICTIONARY?

    Thank you for your help!!

  2. #2
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by wuitsung View Post
    I would like to know that if you must have a good dictionary to crack WPA password? for example, if my AP password is remote_exploit. And in my dictionary, I didn't include this word there... does this mean I will not be able to crack it?
    No, you will not be able to crack it. This is why a long, random passphrase recommended. It becomes is almost impossible to break, to the point of being mathematically impossible.

    Quote Originally Posted by wuitsung View Post
    Second question.. is there any other method for cracking WPA without using DICTIONARY?
    You can use the Church of Wifi WPA Rainbow Tables. However, these table are dictionary-based, but by using hashes, they give you the ability to test common SSIDs and common passphrases much faster.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    43

    Default

    nope, you can not crack WPA if your dictionary doesn't have the passphrase



    You can use the Church of Wifi WPA Rainbow Tables. However, these table are dictionary-based, but by using hashes, they give you the ability to test common SSIDs and common passphrases much faster.
    therefore in terms of WPA security, rainbow tables don't improve the aspect of cracking WPA except for speed, is that correct? So how are rainbow tables compared with something like ophcrack and WPA tables different?

    Is it because with WPA, the passphrases are salted with the SSIDs?

  4. #4
    Just burned his ISO
    Join Date
    Jul 2008
    Posts
    6

    Default

    Thanx Thorn!! you mentioned the Church of Wifi WPA Rainbow Tables is dictionary based... so if it doesn't include the password of the AP, we are still not able to crack it right? it just help the speed of cracking right?

  5. #5
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by wuitsung View Post
    Thanx Thorn!! you mentioned the Church of Wifi WPA Rainbow Tables is dictionary based... so if it doesn't include the password of the AP, we are still not able to crack it right? it just help the speed of cracking right?
    Correct.

    If you don't have the passphrase, WPA is mathematically impossible to break. (Assuming standard computer equipment.)
    Thorn
    Stop the TSA now! Boycott the airlines.

  6. #6
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by jkroeder View Post
    therefore in terms of WPA security, rainbow tables don't improve the aspect of cracking WPA except for speed, is that correct?
    Correct.

    Quote Originally Posted by jkroeder View Post
    So how are rainbow tables compared with something like ophcrack and WPA tables different?
    I can't give a comparison, as I haven't run ophcrack of late. However, we would routinely crack a standard SSID secured with a dictionary password in under 30 seconds using the CoWF Rainbow Tables. (Excluding the time needed to collect the four way handshake.) The quickest I recall was about 11 seconds.

    Quote Originally Posted by jkroeder View Post
    Is it because with WPA, the passphrases are salted with the SSIDs?
    Yes. So the tables are the top 1000 common SSIDS as reported to WIGLE, run against a password dictionary of ~172,000 passwords known to be commonly used.
    Thorn
    Stop the TSA now! Boycott the airlines.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •