Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: A little question about WPA password strength

  1. #1
    Junior Member Shaamaan's Avatar
    Join Date
    Dec 2007
    Posts
    34

    Default A little question about WPA password strength

    OK, so every tutorial and article about WPA and attempts at it's hacking says the same thing: the password of the network you are attempting to hack needs to be in your dictionary.

    OK, fine. If that is the case, why does everyone suggest to use a very long password then? I'm not saying "don't do it", and I understand that the longer, the better, but what are the odds of someone having, in their dictionary, a key composed of 8 completely random characters? Or a bit less random, but the characters still are neither a word nor anything logical?

    Do people have, in their dictionaries, some sort of 'brute force list', composing of every possible combination of keys of lesser length?

  2. #2
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Thats the whole point isnt it. It would be much easier to bruteforce a 8 char. password than a 63 char. password wouldn't it.

  3. #3
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Default

    There was a website where you could input your password and it would tell you how long it would take to crack it. A 63 Alpha-Numerical-Symbol password would take a long time. The router would probably die of old age before you cracked it.

    EDIT: Not the one I was thinking of, but along the same lines I believe

    http://www.lockdown.co.uk/?pg=combi&s=articles
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  4. #4
    Just burned his ISO
    Join Date
    Jun 2007
    Posts
    14

    Default Time to break Calc

    This one is pretty good

    xxx.lastbit.com/pswcalc.asp

    As usual, replace x's with w's

    M

  5. #5
    Junior Member Shaamaan's Avatar
    Join Date
    Dec 2007
    Posts
    34

    Default

    But in that case...

    are there any tools for brute force cracking?

  6. #6
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    4

    Default

    There are rainbow tables for WPA. so if your password is not a certain length 12 characters I believe. (At least with the tables I have) then you can crack it rather quickly with cowpatty.

  7. #7
    Senior Member imported_spankdidly's Avatar
    Join Date
    Feb 2006
    Posts
    1,031

    Default

    Quote Originally Posted by Shaamaan View Post
    But in that case...

    are there any tools for brute force cracking?
    Nope. There's no such thing at a password brute-forcing tool.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!

  8. #8
    Just burned his ISO
    Join Date
    Dec 2007
    Posts
    3

    Default

    hi i,m from belgium and i have a wpa handshake in a cap file , but when i do a dictionary atack i can't retrive the passphrase because i think it's a dutch name. are there dutch dictionary's ? And can rainbow crack be useful ? (sorry for bad engelich)

  9. #9
    Senior Member PrairieFire's Avatar
    Join Date
    Apr 2007
    Posts
    705

    Default

    Quote Originally Posted by Shaamaan View Post
    I'm not saying "don't do it", and I understand that the longer, the better, but what are the odds of someone having, in their dictionary, a key composed of 8 completely random characters? Or a bit less random, but the characters still are neither a word nor anything logical?
    "This list was sorted and all passphrases < 8 or > 64 were removed due to the minimum and maximum passphrase length in WPA-PSK. The grand total words was ~172,000"
    Μολὼν λαβέ - Great spirits encounter heavy opposition from mediocre minds.

  10. #10
    Moderator theprez98's Avatar
    Join Date
    Jan 2010
    Location
    Maryland
    Posts
    2,533

    Default

    From "the book":
    If you’re wondering about the possibility of computing true rainbow tables in the sense of creating hashes for every character in the keyspace, considering the following math: If you limited yourself to alphanumeric characters and no “special” characters (62 characters), the total keyspace for an 8 character password is in excess of 218 trillion. Considering that our 172,000 word file creates a single 7.2 MB hash file, the keyspace is 1.26 trillion times larger. Our answer is in the petabyte range (a petabyte is 1,000 terrabytes), which is far beyond any current storage capabilities. Adding special characters doesn’t make it anymore ridiculous, and that’s only one table for one SSID.
    "\x74\x68\x65\x70\x72\x65\x7a\x39\x38";

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •