1. ## WPA/2 cracking speed

When trying to crack my WPA key with a dictionary attack i get about 4 words per second. What determines the cracking speed? Signalstrength? Computerpower? Or something else?

2. Originally Posted by hackabear
When trying to crack my WPA key with a dictionary attack i get about 4 words per second. What determines the cracking speed? Signalstrength? Computerpower? Or something else?
When using a program like aircrack-ng, which I assume that you are, the speed will be determined by your processor and to some degree the amount of RAM you have. It is recommendable to use a dictionary that is smaller in size than the amount of available RAM you have.

3. Originally Posted by hackabear
When trying to crack my WPA key with a dictionary attack i get about 4 words per second. What determines the cracking speed? Signalstrength? Computerpower? Or something else?
Using a pre-calculated rainbow table will speed up cracking by 3+ orders of magnitude.

4. Originally Posted by theprez98
Using a pre-calculated rainbow table will speed up cracking by 3+ orders of magnitude.
True, but the probability of having a table with the correct SSID on hand is low. Most of my clients wised up and don't use the default SSID or their company name anymore. If the company is ABC then the SSID is NOT ABC but ABCcorp or ABCinc. Not SSIDs that I have a rainbow table for. But it kind of moot as most don't use WPA/WPA2. If they learn to not use WEP I might be out of work

5. Originally Posted by bofh28
True, but the probability of having a table with the correct SSID on hand is low. Most of my clients wised up and don't use the default SSID or their company name anymore. If the company is ABC then the SSID is NOT ABC but ABCcorp or ABCinc. Not SSIDs that I have a rainbow table for. But it kind of moot as most don't use WPA/WPA2. If they learn to not use WEP I might be out of work
So, find the SSID and make a table specific to that SSID!

6. Originally Posted by bofh28
True, but the probability of having a table with the correct SSID on hand is low. Most of my clients wised up and don't use the default SSID or their company name anymore. If the company is ABC then the SSID is NOT ABC but ABCcorp or ABCinc. Not SSIDs that I have a rainbow table for. But it kind of moot as most don't use WPA/WPA2. If they learn to not use WEP I might be out of work
Originally Posted by theprez98
So, find the SSID and make a table specific to that SSID!
Exactly. Computer your own table. While it isn't orders of magnitude quicker, it's still on the order of 2-3 times quicker than just a straight dictionary attack. Theprez98 previously conducted some tests along these lines, and wrote about it in a thread on these forums. Search on "time memory tradeoff", and you'll get a good idea of how it works.

7. Originally Posted by Thorn
Exactly. Computer your own table. While it isn't orders of magnitude quicker, it's still on the order of 2-3 times quicker than just a straight dictionary attack. Theprez98 previously conducted some tests along these lines, and wrote about it in a thread on these forums. Search on "time memory tradeoff", and you'll get a good idea of how it works.

8. Originally Posted by theprez98
Interesting reading. Thank you for pointing it out. I will definitely need to work on getting airolib to work.

Thanks,

9. Hello

I do not know but about it. But your client use TKIP over WPA?

I did see there is a flaw in TKIP which allow to decrypt very fast any PSK if it's being used. However I do not know which tool do the job.

Maybe someone in the forum knows and post a small tutorial...

Cheers

#### Posting Permissions

• You may not post new threads
• You may not post replies
• You may not post attachments
• You may not edit your posts
•