
Thread: Broke WEP, question on WPA

  1. #1
    Just burned his ISO
    Join Date: Feb 2010
    Posts: 3

    Broke WEP, question on WPA

    So breaking WEP was easy enough. I moved on to breaking WPA following a tutorial I found online and the part with using a wordlist came up. I ran it and it didn't find my network's passcode out of the 5 million or so words in the list I downloaded. But then I started thinking about it as I scrolled through the word list in Kate.

    My passcode is a word followed by a few numbers. My friend's passcode is just a sequence of letters and numbers that they remember with a mnemonic device. My parents use WEP, so I don't need the word list, but even theirs is just two words strung together.

    The wordlists I've found have been ones that include actual words and variations thereof, but nothing following the structure of the passcodes I just described. I guess this speaks to the strength of WPA encryption, but does this mean that without a word list that covers something as simple as "combining two words" into a single passcode, there's no chance of breaking it?

    Before I come off as too naive, I'd like to mention that I am very aware of the mathematical implications of what I'm talking about. Simply combining each word onto another to form "compound" passcodes would make the list impossibly large. It would actually be LESS work to simply try every alphanumeric possibility between 8-15ish characters, I would think.

    So I guess my question is... do people like my friends and myself, who understand the math behind an alphanumeric password, enjoy virtual immunity from attacks such as this, or is there some part of this Distro that I'm just not aware of yet?

    Also, I'm interested in learning how to build my own list, but I wanted to see if there were tips for doing so and to confirm what I have concluded above about existing wordlists and passwords before I start.

    Thanks for any help anyone can provide.

  2. #2
    Super Moderator lupin
    Join Date: Jan 2010
    Posts: 2,943

    Re: Broke WEP, question on WPA

    Quote Originally Posted by VoiceInTheDesert:
    Before I come off as too naive, I'd like to mention that I am very aware of the mathematical implications of what I'm talking about. Simply combining each word onto another to form "compound" passcodes would make the list impossibly large. It would actually be LESS work to simply try every alphanumeric possibility between 8-15ish characters, I would think.

    Both methods are going to result in an impossibly large list, and the second list is going to be longer. If you do know the math you should be able to calculate this. The formula to determine the total number of unique strings that can be generated from a "y" character password is x to the power of y, where x is the number of characters in the character set used (e.g. A-Z, a-z, 0-9, %@#$!). Assuming an ASCII character set and a single line end character, multiply the number of unique strings by the length of the password plus 1 to determine the file size of the list in bytes. If the list contains multiple lengths of passwords (14 character passwords and 15 character passwords), you need to add the calculated values for each list to get the total size. I did an example of this on the old forum somewhere if you want to go find it, but you should be able to do this on your own if you're interested in just how big it will get.

    Regarding your "immunity from attacks" question, as it stands there is no cryptographic shortcut that can be used to attack WPA encryption, so you are essentially left with brute force methods to determine the key. Use of a wordlist to find the correct key is a brute force shortcut in that you are only trying the keys in the list rather than every possible key within the key space. The basic rule of a brute force attack still applies however, in that the correct key must be provided as one of the possibilities during the brute force attack for the key to be cracked.

    So, if the attacker is patient enough or has sufficient resources to attempt every key within the possible keyspace, they will eventually find your key. In the far more likely scenario that the attacker only uses one or more wordlists to try and determine your key, they won't find it if it's not in the wordlists. Hopefully that's clear enough.

    As for creating your own wordlist, the basic premise is to contain the words that people might use for passwords and to order them so that the most likely examples are earlier in the list. It might seem here that I'm just stating the extremely obvious, but the basic theory is no more complicated than that. There has been some research done on this which I read at one stage but can't currently find (at least with the one minute search I just did), but start at the OpenWall site first and go from there if you want to know more.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #3
    Just burned his ISO
    Join Date: Feb 2010
    Posts: 3

    Re: Broke WEP, question on WPA

    Thanks for your reply. The only reason I said that the combination of words could be larger than literally every combination is because while each character can only be one of a few dozen options, combinations of words can literally be any two words strung together... so you're talking about 35,000 words with each one having 35,000 possible complements... and that's just correctly spelled words... in English. I didn't do the math in my head, but it seemed like that would be more than permutations of alphanumeric characters within the normal range of passcodes.

    Anyway, at least I know what I'm up against now. I am very new at this and am still feeling my way around, so I appreciate the detail of your answer.

  4. #4
    Super Moderator lupin
    Join Date: Jan 2010
    Posts: 2,943

    Re: Broke WEP, question on WPA

    All possible pairings from 35,000 words is 35,000 * 35,000 or 1225000000 strings.

    All possible 15 character passwords using uppercase, lowercase, numerics and 9 special characters is 71 to the power of 15 or 5873205959385493353867330551 unique strings. And that's only 15 character passwords; the number goes up if you also add all 8 character, 9 character, 10 character, 11 character, etc. passwords.
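The keyspace and wordlist-size arithmetic lupin lays out in posts #2 and #4, written up as an added example (not code from the thread) and checked against the thread's own numbers; the 71-character set (upper, lower, digits, 9 specials) and the 35,000-word vocabulary come from post #4, while the guessing rate used for the time estimate is an assumption chosen only to show the scale.

```python
# Added example, not from the thread: keyspace and wordlist-size arithmetic
# from posts #2 and #4, with the thread's own figures as the check values.
from typing import Iterable

# 26 upper + 26 lower + 10 digits + 9 specials = 71, as stated in post #4.
ASCII_CHARSET = 26 + 26 + 10 + 9


def keyspace(charset_size: int, length: int) -> int:
    """Distinct strings of exactly `length` chars from a set of size x: x ** y."""
    return charset_size ** length


def wordlist_bytes(charset_size: int, lengths: Iterable[int]) -> int:
    """Bytes needed to store every string of each listed length, one per line,
    assuming single-byte characters plus one line-end byte (post #2's rule),
    summed over the lengths the list covers."""
    return sum(keyspace(charset_size, n) * (n + 1) for n in lengths)


def compound_pairs(vocab_size: int) -> int:
    """Ordered two-word concatenations from a vocabulary (post #4: 35,000 * 35,000)."""
    return vocab_size * vocab_size


def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a constant guessing rate."""
    return candidates / guesses_per_second / (365 * 24 * 3600)


def human(n: int) -> str:
    """Render a byte count with a binary-prefix unit so the sizes are readable."""
    f = float(n)
    for unit in ("B", "KiB", "MiB", "GiB", "TiB", "PiB"):
        if f < 1024:
            return f"{f:,.1f} {unit}"
        f /= 1024
    return f"{f:,.1f} EiB"


if __name__ == "__main__":
    print("two-word pairs from 35,000 words :", compound_pairs(35_000))
    print("71^15 fifteen-char strings       :", keyspace(ASCII_CHARSET, 15))
    print("list of every 8..15 char string  :",
          human(wordlist_bytes(ASCII_CHARSET, range(8, 16))))
    # Assumed rate (not from the thread), purely to illustrate the scale.
    rate = 100_000.0
    print(f"years to exhaust 71^15 @ {rate:,.0f}/s:",
          f"{years_to_exhaust(keyspace(ASCII_CHARSET, 15), rate):.3g}")
```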
