bruteforce 8 character (uppercase) password

[comaX]

About the dictionnary attack, it's assuming the WPA is based on a passphrase... Which where I live is pretty much never the case ! And I believe dictionnary attacks are a sub-kind of brute force, so I stand on the point that the only way to crack WPA is brute force !
(Except if you go in the hole 196-ish thing...)

[2901119]

brute force and dictionary attacks are two very different things. A dictionary attack has nothing to do with enumerating every possible combination of characters, unless you generate a list of every possible combination. Even in that case that's still just a brute force list.

[Scamentology]

I always considered dictionary attacks to be a kind of brute force as well. I may be wrong but its always the way I viewed them. If this is not the case then there are 2 ways of cracking WPA and I stand corrected.

brute force and dictionary attacks are two very different things. A dictionary attack has nothing to do with enumerating every possible combination of characters, unless you generate a list of every possible combination. Even in that case that's still just a brute force list.

[2901119]

https://www.infosecisland.com/blogvi...y-Attacks.html

and

http://en.wikipedia.org/wiki/Brute-force_attack

and

http://thehackerslounge.blogspot.com...ruteforce.html

If you search the backtrack 4 forums this topic has also been covered multiple times where many knowledgeable people come to agree that they are two very different attacks.

When you break it all down: one attack, if given enough time is guaranteed to work while the other attack only works if the word is in the dictionary file.

Why do you guys think its called a BRUTE FORCE attack? Certainly not because you're trying a small fraction of possible passwords that you have in a dictionary file, but because you're throwing everything at it and trying all of possible combinations of characters until you do find the right password.

[comaX]

Yeah, I see your point. And I'm not saying they are the same, but very similar since in both case you try a large number of possibilities against a hash (for example). One is just more "intelligent" than the other, even if risks of failure are greater*.

(*depends on a lot of things though...)

[Scamentology]

Very cool - thanks for clearing that up for me.

https://www.infosecisland.com/blogvi...y-Attacks.html

and

http://en.wikipedia.org/wiki/Brute-force_attack

and

http://thehackerslounge.blogspot.com...ruteforce.html

If you search the backtrack 4 forums this topic has also been covered multiple times where many knowledgeable people come to agree that they are two very different attacks.

When you break it all down: one attack, if given enough time is guaranteed to work while the other attack only works if the word is in the dictionary file.

Why do you guys think its called a BRUTE FORCE attack? Certainly not because you're trying a small fraction of possible passwords that you have in a dictionary file, but because you're throwing everything at it and trying all of possible combinations of characters until you do find the right password.

[2901119]

No problem

[Barry]

You probably want to find another way of cracking that WPA passphrase. There are 302231454903657293676544 possible combinations.


Regards

Not if you know it's an 8 character all uppercase password. Then it's only 208872064576 combinations.

[comaX]

Then it's only 208872064576 combinations.

Oh, much better then
(which it is in fact, given the previous figure... but hell, that's an awful lot too !)

[Barry]

Oh, much better then
(which it is in fact, given the previous figure... but hell, that's an awful lot too !)

True, just shows you why wpa2 is such a bitch to crack. It would probably be easier to just watch someone enter the password on their laptop from a spy satellite.....