Page 5 of 5 FirstFirst ... 345
Results 41 to 47 of 47

Thread: Time Analysis of WPA brute-forcing

  1. #41

    Default

    Stop TALKING ;D Get on Bruteforcing ....you know time is running fast ;D
    www.myownremote.blogspot.com

  2. #42
    Senior Member kidFromBigD's Avatar
    Join Date
    Jan 2010
    Location
    Texas
    Posts
    159

    Default

    Quote Originally Posted by Reeth View Post
    Stop TALKING ;D Get on Bruteforcing ....you know time is running fast ;D
    Pyrit's author has posted some new results along with a new version. Here's a back-of-the-envelope calculation to whet your appetite(or make you cry yourself to sleep tonight):

    Assume you wish to crack an 8-character password consisting of all lowercase English letters. That means:
    26^8 = 208,827,064,576 different passwords.
    208.8 Billion * (1 second / 215 keys) * (1 hour / 3600 seconds) * (1 week / 168 hours) = 1605.9 weeks = 30.88 years(!)

    If you can crack faster, change the 215 keys to a larger number. As of 10-Jun-2009, pyrit’s author reports a quad-SLI equipped machine running 4 GTX-295 cards will do 84,718 keys per second. That means:
    208.8 Billion * (1 second / 84,718 keys) * (1 / 604800) = 4.0756 weeks.

    Running a brute force for 4.0756 weeks is within the realm of possibility.

    I expect follow-up posts explaining why 8 lowercase letters will probably not be chosen by the typical router admin, but the numbers speak for themselves. My point is that the "low-hanging fruit" of weak WPA passwords just got a bit easier to discover, with time and money.

    As always, only run a crack against your own WPA password, collected from your own network, or one you have permission to test. Let's not break any laws folks.

    References:
    pyrit - Google Code
    Pyrit
    You. Are. Doing. It. Wrong.
    -Gitsnik

  3. #43
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by kidFromBigD View Post
    My point is that the "low-hanging fruit" of weak WPA passwords just got a bit easier to discover, with time and money.
    Don't forget motivation.

    Just because something is possible does not mean anyone has interest in wasting resources (time/money/effort) attacking you.

    Motivation (which in this case is highly tied to the data you possess/process) is an important factor when performing a Threat & Risk Assessment of your network and the ways you protect it.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  4. #44
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    2

    Default WPA vs WPA2

    My Security admins keep asking when will we move from WPA to WPA2
    Given a password between 20 and 63 random chars
    What advantages will WPA-2 PSK bring?

  5. #45
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by rexnik View Post
    My Security admins keep asking when will we move from WPA to WPA2
    Given a password between 20 and 63 random chars
    What advantages will WPA-2 PSK bring?
    Did you read any of this thread??
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

  6. #46
    Just burned his ISO
    Join Date
    Feb 2006
    Posts
    2

    Default

    Quote Originally Posted by Barry View Post
    Did you read any of this thread??
    Yes I have read the thread.

    My belief before reading the thread was that provided the key was a reasonably long random "string" then WPA-1 is currently uncrackable.
    The thread seems to confirm this although no mention is made (or I missed it) as to whether the calculations are for WPA-1 or WPA-2.

    I asked the question because I couldn't reconcile why the sec admins keep pushing for WPA-2 PSK

  7. #47
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by rexnik View Post
    Yes I have read the thread.

    My belief before reading the thread was that provided the key was a reasonably long random "string" then WPA-1 is currently uncrackable.
    The thread seems to confirm this although no mention is made (or I missed it) as to whether the calculations are for WPA-1 or WPA-2.

    I asked the question because I couldn't reconcile why the sec admins keep pushing for WPA-2 PSK
    Because it's more secure, wpa2 with a good password is fairly uncrackable. Wpa2 uses better encryption, AES. Wpa2 also has better roaming capability between access points on the same network.
    Of course, if you really wanted to have some fun, go to Wal-Mart late at night and ask the greeter if they could help you find trashbags, roll of carpet, rope, quicklime, clorox and a shovel. See if they give you any strange looks. --Streaker69

Page 5 of 5 FirstFirst ... 345

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •