I think a key point is being lost here, and that is the purpose of dictionaries in security validation/scanning. People have a tendency to use common sequences of letters when selecting passwords. So, we have our favorite dictionary of 20k most-commonly-misused words, and, on a regular basis, we check the authentication mechanism to see if folks are being 'random' enough.
A brute force attack is just what good codes/passphrases are supposed to thwart.
Now, I can understand what OP was feeling. Most security professionals guard these dictionaries like the Crown Jewels, and getting this slick tool without a dictionary can feel a bit like getting a fast car with no fuel.
I have a couple of things to say :
1. From a practical purpose brute force cracking is only good up until 7-8 characters (assuming the standard upper/lower case alphabet + digits) with currently available computing power. Over 8 characters and the permutations of letters and numbers becomes too large to crack in a reasonable amount of time.
2. The reason I would like bruteforce added to this tool is that many times people use short words with a number or two added to the end (for example: fred25)...a brute force cracker that tries every possible combinations of letters/digits would be able to suss this out while no dictionary file is going to have that.
If people want a truly secure password it has to contain letters, digits and characters (ex. !) and be 8 characters or more. I just think that aircrack is missing a vital tool for cracking passwords by excluding a brute force method.
From my limited coding back in school this shouldn't be all that difficult to add to this program.
Unfortunately I'm not a code ninja so that's why I'm asking if anyone else had a method to accomplish this.
wait a minute? is the minimum length of a WPA passphrase really 8 characters?
If thats the case, that would explain why aircrack-ng is not even trying any of the passwords in my wordlist (generated by a program I made which currently only makes a wordlist of all possible combinations of lowercase letters up to 4 length)
So I'll have to revise my program and make it start with 8 characters right?
and probably end after all the 8 character combinations are done! since even 9 is way too many combinations!
It took my machine about a minute to generate all the possible passwords with length 1-4, with a resulting 2.24MB file...
I wonder how long it will take to generate a word list with all combinations of 8 characters...
NO WAY will I do full ascii... only lowercase letters + uppercase + digits
And I'm agreeing with spyder... USUALLY people make passwords easy for them to remember, so a password with only letters and numbers that is 8 characters or less is common...
So a brute force attack makes sense, an 8 character password can be cracked in a feasible amount of time... If a good password is in place however no matter what dictionary you have, or how deep your bruteforce dictionary goes, You just aren't going to get the password...
Getting the password for WPA depends on the password not being such a great password!
here was my wordlist that my app generated incase anyone wants to confirm that passwords less than 8 characters are in fact not even tried...
the app is a windows app since I don't know how to code for linux yet, but I did make sure it only separates a new line with a line feed (\n or 0x0A)
instead of a carriage return and line feed (\r\n or 0x0A0D)
since \n is the linux way to seperate lines, and \r\n is the windows way (i think just \r for mac but thats irrelevant)
spyder what did you type exactly to get 'john' to pipe the generated passphrases to aircrack-ng?
john is an app right? well it doesn't seem to be included with backtrack 3 since typing it says command not found! What is john?
Yay I Can Post Now :)
Yes WPA passphrases are minimum 8 character.
Have you checked out WPA rainbow tables?
You should be able to find them here:
John the Ripper is what he is referring to.
It is listed here but I don't know if it was carried over to BT3final
The password requirements for WPA are actually 8 to 63 characters. However, remember that all these passwords will need to be used against the ssid to create the hash. So you really have tw factors involved: the actual passphrase and the ssid. WPA rainbow tables linked by hhmatt81 is a good start. Here is another link with some history behind WPA rainbow tables: