Page 3 of 5 FirstFirst 12345 LastLast
Results 21 to 30 of 47

Thread: Time Analysis of WPA brute-forcing

  1. #21
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by cool_recep View Post
    Hi, Virchanza.

    Can you make some calculations for me please.

    From 8 to 15 characters consisting of numbers, lower and uppercase letters.

    How many passwords creates this combination and how much GB do i need?

    Also not very important but it would be also good to know the required time to brute force all these combinations.

    Thnaks.

    BTW some time ago i tried to create a wordlist from 8 to 15 with just numbers. At 10 chars, the dictionary became 100 GB and i run out of space
    I believe it's in the exebyte range. There's a thread around here with the supporting math, I'm just too lazy to spoon feed it.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  2. #22
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by cool_recep View Post
    Hi, Virchanza.

    Can you make some calculations for me please.

    From 8 to 15 characters consisting of numbers, lower and uppercase letters.

    How many passwords creates this combination and how much GB do i need?

    Also not very important but it would be also good to know the required time to brute force all these combinations.

    Thnaks.

    BTW some time ago i tried to create a wordlist from 8 to 15 with just numbers. At 10 chars, the dictionary became 100 GB and i run out of space
    That math isn't that hard, as it's basic arithmetic. Anyone who graduated grammar school should have the 'math skills' for this. It's called multiplication.

    The basic formula is number of possible characters (alphanumeric) raised to the power of the number of characters. With digits, lower and upper-case letters, there are 62 possible variations for every character

    So in the case of 15-character length passwords, that's 62 ^ 15 (62 raised to the 15th power) or 768909704948766668552634368 bytes, or about 768909704948766.6 TB. Of course, since you'll not be using 62 ^ 7 (3521614606208 bytes or about 3.5 TB), you'll save a little bit of space.

    Do let us know how you do with that.

    As far as the time, a 10MB password file takes about 30 minutes for one SSID on a 2GHz machine.

    Therefore:
    100MB = 300 minutes (5 hours)
    1,000MB (1GB) = 3,000 minutes (50 hours)
    10,000MB (10GB) = 30,000 minutes (500 hours)
    100,000MB (100GB) = 300,000 minutes (5,000 hours or 29.76 weeks, or 7.44 months )
    1,000,000MB (1,000GB or 1TB) = 3,000,000 (50,000 hours, or 74.4 months, or 5.7 years)

    Based on that, you should have a brute force answer in 4,382,785 billion years in a worse case scenario. Of course, statistically, you might get lucky and get it in half that time.
    Thorn
    Stop the TSA now! Boycott the airlines.

  3. #23
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Thorn View Post

    Based on that, you should have a brute force answer in 4,382,785 billion years in a worse case scenario. Of course, statistically, you might get lucky and get it in half that time.
    They might want to start now, since the world is going to end 12/21/2012.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  4. #24
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    Quote Originally Posted by cool_recep View Post
    Can you make some calculations for me please.

    From 8 to 15 characters consisting of numbers, lower and uppercase letters.
    26 lowercase characters, 26 uppercase characters, and 10 digits. That comes to 62 different characters.

    How many passwords creates this combination and how much GB do i need?
    The amount of passwords is calcuable as follows:
    Code:
    62^8 + 62^9 + 62^10 + 62^11 + 62^12 + 62^13 + 62^14 + 62^15
    Also not very important but it would be also good to know the required time to brute force all these combinations.
    I'm gonna be generous and say that you can crack at 1 million keys per second. I'm using the following C code to do the calculations:

    Code:
    #include <stdio.h>
    #include <gmp.h>
    
    void CalcAmountPasswords(mpz_t total,unsigned min,
                                         unsigned const max,
                                         unsigned const radix)
    {
        mpz_t temp; mpz_init(temp);
    
        mpz_set_ui(total,0);
    
        for ( ; min <= max; ++min)
        {
            mpz_ui_pow_ui(temp,radix,min);
            mpz_add(total,total,temp);
        }
    
        mpz_clear(temp);
    }
    
    int main(void)
    {
        char buf[1024];
    
        mpz_t total; mpz_init(total);
    
        CalcAmountPasswords(total,8,15,62);
        mpz_get_str(buf,10,total);
        printf("Total amount of keys = %s\n\n",buf);
    
        mpz_cdiv_q_ui(total,total,1000000lu);
        mpz_get_str(buf,10,total);
        printf("Cracking at 1000000 k/s, so that's %s seconds\n\n",buf);
    
        mpz_cdiv_q_ui(total,total,60ul * 60 * 24 * 365);
        mpz_get_str(buf,10,total);
        printf("In years, that's %s years\n\n",buf);
    
        mpz_clear(total);
    
        return 0;
    }
    And here's the output I get:

    Code:
    Total amount of keys = 781514782079070739510782720
    
    Cracking at 1000000 k/s, so that's 781514782079070739511 seconds
    
    In years, that's 24781671171965 years
    So we're talking 24 trillion years. The universe is estimated to be at most 14 billion years old.

    As for storing a dictionary file, well you'd need to pipe the output of a generator into the input of a cracker, otherwise you'll need a hard disk the size of Jupiter.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  5. #25
    Very good friend of the forum killadaninja's Avatar
    Join Date
    Oct 2007
    Location
    London, United Kingdom.
    Posts
    526

    Default Hmm

    24 trillion years
    well lets hope Erik Tews hurrys up
    Sometimes I try to fit a 16-character string into an 8–byte space, on purpose.

  6. #26
    Member imported_vvpalin's Avatar
    Join Date
    Apr 2009
    Posts
    442

    Default

    As i said none of you take Moors law into consideration.

    24 trillion years will be 23.44 billion years in as little as 15 years

    Hell if the current trend keeps up we will have petabyte drives by 2016

    And when have any of you unless you walk around with tinfoil hats ever used a password over 20 characters?
    Using backtrack for the first time is like being 10 years old again with the keys to a Ferrari.

  7. #27
    Very good friend of the forum Virchanza's Avatar
    Join Date
    Jan 2010
    Posts
    863

    Default

    Not to boast or anything, but one of my e-mail passwords is 24 characters long, and it contains "non-words", or words you wouldn't find in an English dictionary.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  8. #28
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by vvpalin View Post
    As i said none of you take Moors law into consideration.

    24 trillion years will be 23.44 billion years in as little as 15 years

    Hell if the current trend keeps up we will have petabyte drives by 2016

    And when have any of you unless you walk around with tinfoil hats ever used a password over 20 characters?
    Mine is the maximum length that was randomly generated by a web site. Putting it into the laptops isn't so bad, but typing it into my phone and iPod was a bitch!

    I'm sure in a few years they'll have made a better encryption method anyway. So really this will do until then.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  9. #29
    Just burned his ISO
    Join Date
    Apr 2008
    Posts
    19

    Default

    Thanks everybody for your efforts.

    I am really convinced that this is impossible

    I will wait for the GT300 series since they say that it will have MIMP technology which enables those cards to process more threads at a time.

  10. #30
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    I like it!

    These calcs are just as fun as pointing out to people their lack of understanding around generating and storing dictionary files (which we all know I love to do ).

    And when have any of you unless you walk around with tinfoil hats ever used a password over 20 characters?
    My WPA2 key is 63 characters (though I don't have it memorized) does that count?
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

Page 3 of 5 FirstFirst 12345 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •