HellBound Hackers | Computer General | Cryptography

Author

WPA cracking.

stealth-
Member



Posts: 999
Location: Eh?
Joined: 10.04.09
Rank:
God
Posted on 13-10-10 04:33
Hey guys,

Forums have been quiet so I figured I'd pose a (stupid?) question. I recently cracked into a WPA encrypted network the standard way (Force deauth, capture handshake, crack..), and was actually very surprised at the speed it took to run through my dictionary list. The 10 character passphrase was cracked within about 40 seconds at a speed averaging about 500/kps.

If my calculations are right, then a fifteen character passphrase should pan out like this:

2^15 = 32768 possible values
32768/500kps = 65.536 seconds to try all possible values.

Did I do something wrong there? I don't know a whole lot about bit entropy, but the idea that it takes just over a minute to genuinely bruteforce a fifteen character password is shocking. I have serious doubts that many users use a passphrase longer than 10, much less 15, so wouldn't this effectively make WPA encryption insecure for the typical user (who has no clue what's going on)?


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
Author

RE: WPA cracking.

fuser
Member



Posts: 959
Location: in front of a computer (duh)
Joined: 05.04.07
Rank:
HBH Guru
Posted on 13-10-10 06:18
stealth- wrote:
Hey guys,

Forums have been quiet so I figured I'd pose a (stupid?) question. I recently cracked into a WPA encrypted network the standard way (Force deauth, capture handshake, crack..), and was actually very surprised at the speed it took to run through my dictionary list. The 10 character passphrase was cracked within about 40 seconds at a speed averaging about 500/kps.

If my calculations are right, then a fifteen character passphrase should pan out like this:

2^15 = 32768 possible values
32768/500kps = 65.536 seconds to try all possible values.

Did I do something wrong there? I don't know a whole lot about bit entropy, but the idea that it takes just over a minute to genuinely bruteforce a fifteen character password is shocking. I have serious doubts that many users use a passphrase longer than 10, much less 15, so wouldn't this effectively make WPA encryption insecure for the typical user (who has no clue what's going on)?


I have to admit that was the fastest I've seen a WPA password get cracked.

I think in your case, you probably got lucky, or that you have a very good dictionary to back you up in cracking the WPA password. And it can be as secure as how the user sets it up: if the passphrase is long and hard to guess, the longer it'll take for the cracker to bruteforce (or for you to guess it).

Check this link for those interested in figuring out how to do it: http://docs.lucidinteractive.ca/index.php/Cracking_WEP_and_WPA_Wireless_Networks
Telling modern Internet users to stop whining is like telling them to stop breathing — it seems unrealistic and inhumane. Paul Lutus

catinthecpu@hotmail.com
Author

RE: WPA cracking.

stranac
Member

Posts: 124
Location: Croatia
Joined: 15.11.08
Rank:
God
Posted on 13-10-10 18:08
stealth- wrote:

If my calculations are right, then a fifteen character passphrase should pan out like this:

2^15 = 32768 possible values
32768/500kps = 65.536 seconds to try all possible values.

Did I do something wrong there?


You did something wrong. Your calculations are fine, except for one small detail: there are more than 2 characters possible.

For lowercase letters only there would be 26^15 = 1677259342285725925376 values possible.
Author

RE: WPA cracking.

stealth-
Member



Posts: 999
Location: Eh?
Joined: 10.04.09
Rank:
God
Posted on 14-10-10 02:32
stranac wrote:
stealth- wrote:

If my calculations are right, then a fifteen character passphrase should pan out like this:

2^15 = 32768 possible values
32768/500kps = 65.536 seconds to try all possible values.

Did I do something wrong there?


You did something wrong. Your calculations are fine, except for one small detail: there are more than 2 characters possible.

For lowercase letters only there would be 26^15 = 1677259342285725925376 values possible.


Ah, that's right! Like I said, I'm not exactly skilled with bit entropy. Thanks for the correction :)

62^15 = 768909704948766668552634368
768909704948766668552634368/500/60/60/24/30/12 = 49441210451952589

49441210451952589 years sounds much better, but significantly higher than I imagined. Is that right?


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com
Author

RE: WPA cracking.

haky2g
Member

Posts: 1
Location:
Joined: 11.10.10
Rank:
Newbie
Posted on 14-10-10 04:51
Sorry if this sounds retarded, but how could you crack into a WEP or WPA protected network? I know I am a noob at hacking and stuff, but everyone has a starting point.
Thanks.
Author

RE: WPA cracking.

stealth-
Member



Posts: 999
Location: Eh?
Joined: 10.04.09
Rank:
God
Posted on 14-10-10 05:35
haky2g wrote:
Sorry if this sounds retarded, but how could you crack into a WEP or WPA protected network? I know I am a noob at hacking and stuff, but everyone has a starting point.
Thanks.


There are a plethora of articles all over the web that explain this, and I believe one was actually linked to in an above post. Look into tools like aircrack, google it, and you'll do fine.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com

Edited by stealth- on 14-10-10 05:45
Author

RE: WPA cracking.

COM
Banned



Posts: 800
Location:
Joined: 31.08.07
Rank:
God
Posted on 14-10-10 06:02
Well, didn't you change your tone to a friendlier one in a big hurry? :p
Anyhow, you're still generous with your numbers, 62 would only account for upper case, lower case and numbers; no other symbols accounted for. Even if we just take the standard ascii table minus the first bunch of special values, we'd still end up with ((2^7)-32)^15 combinations. And that's just for the set 15 character length, it still leaves out the 1, 2, 3 ... 13, 14 lengths you'd try before reaching 15.
Why you are surprised about the dictionary being quick eludes me. A dictionary contains far, far less instances to try, just to begin with.
A long time to bruteforce is pretty much how these things are designed. The thought is generally that you shouldn't be able to reverse it and so, the option you are left with (trying combinations) should realistically take too long to manage within a reasonable amount of time since there really is no other way to defend against it.


K'aem'nhi kh'rn, K'aem'nhi kh'r, K'aem'nhi kh'rmnu.
I'a Y'gs-Othoth!
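The keyspace arithmetic this thread works through, as an added example (not code from the thread or any poster), with COM's two corrections applied: a 96-symbol printable set and the sum over every length up to the target one. The rates and character-set sizes are the thread's own figures; the 365-day year and the 1,000,000-entry wordlist size are assumptions (stealth- used 12 x 30 days).

```python
# Added example, not from the thread: keyspace and exhaustive-search
# time estimates for a WPA passphrase, following the thread's reasoning.
# values = charset_size ** length for one exact length; a real brute-force
# run also tries lengths 1..N-1 first, hence the cumulative option (COM's point).

LOWER = 26                 # a-z (stranac's example)
ALNUM = 62                 # a-z, A-Z, 0-9 (stealth-'s example)
PRINTABLE = (2 ** 7) - 32  # COM's "ASCII minus the first 32 control codes" = 96
RATE = 500                 # keys per second, as reported in the first post
SECONDS_PER_YEAR = 60 * 60 * 24 * 365  # assumption: 365-day year


def keyspace(charset_size: int, length: int, cumulative: bool = False) -> int:
    """Candidate passphrases for one exact length, or for every length 1..length."""
    if cumulative:
        return sum(charset_size ** n for n in range(1, length + 1))
    return charset_size ** length


def seconds_to_exhaust(charset_size: int, length: int, rate: int = RATE,
                       cumulative: bool = False) -> float:
    """Worst-case time to try every candidate at `rate` keys per second."""
    return keyspace(charset_size, length, cumulative) / rate


def years_to_exhaust(charset_size: int, length: int, rate: int = RATE,
                     cumulative: bool = False) -> float:
    return seconds_to_exhaust(charset_size, length, rate, cumulative) / SECONDS_PER_YEAR


def wordlist_seconds(entries: int, rate: int = RATE) -> float:
    """A dictionary run only tries its entries, which is why it finishes quickly."""
    return entries / rate


if __name__ == "__main__":
    # Reproduce the thread's figures, then show the effect of a fuller
    # character set and of trying every shorter length first.
    print(f"2^15 = {keyspace(2, 15)} values, "
          f"{seconds_to_exhaust(2, 15):.3f} s at {RATE} k/s (first-post estimate)")
    print(f"26^15 = {keyspace(LOWER, 15)} values (stranac's correction)")
    print(f"62^15 = {keyspace(ALNUM, 15)} values, "
          f"{years_to_exhaust(ALNUM, 15):.3e} years")
    print(f"96^15 = {keyspace(PRINTABLE, 15)} values, "
          f"{years_to_exhaust(PRINTABLE, 15):.3e} years")
    print(f"lengths 1..15 over 96 symbols: {keyspace(PRINTABLE, 15, True)} values")
    # Constructed wordlist size, to contrast with the brute-force figures above.
    print(f"1,000,000-entry wordlist: {wordlist_seconds(1_000_000) / 60:.0f} minutes")
```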
Author

RE: WPA cracking.

stealth-
Member



Posts: 999
Location: Eh?
Joined: 10.04.09
Rank:
God
Posted on 14-10-10 06:22
COM wrote:
Well, didn't you change your tone to a friendlier one in a big hurry? :p


Heh, so you noticed that? I reread his question and realized I was being a bit harsh.

Anyhow, you're still generous with your numbers, 62 would only account for upper case, lower case and numbers; no other symbols accounted for. Even if we just take the standard ascii table minus the first bunch of special values, we'd still end up with ((2^7)-32)^15 combinations. And that's just for the set 15 character length, it still leaves out the 1, 2, 3 ... 13, 14 lengths you'd try before reaching 15.


I know, I figured the number I was left for 62 characters was still large enough to get what I was asking across, however.

Why you are surprised about the dictionary being quick eludes me. A dictionary contains far, far less instances to try, just to begin with.
A long time to bruteforce is pretty much how these things are designed.


I was surprised at the dictionary attack's speed because I was imagining something along the lines of an hour, likely more. I suppose after cracking WEP in about 5 minutes, I was expecting WPA to take at the very least longer than WEP did, regardless of the method.

The thought is generally that you shouldn't be able to reverse it and so, the option you are left with (trying combinations) should realistically take too long to manage within a reasonable amount of time since there really is no other way to defend against it.


Yeah, I understand the idea behind it, it's just a few trillion years seems ridiculous and I figured my math must've been off.

Thanks for the response, COM.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com

Edited by stealth- on 14-10-10 06:23
Author

RE: WPA cracking.

txwooley
Member

Posts: 7
Location:
Joined: 04.02.11
Rank:
Moderate
Posted on 02-03-11 13:41
Y'all are missing one MINOR detail. If for example the password is aardvark, and your all-encompassing dictionary is 30MB, it will find aardvark in about 2 seconds. However, if your password is the much shorter xray, it will take about 10-15 minutes (or longer). It has more to do with where in the dictionary the correct password is found than how long or complex the password is.
Just my $.02
Author

RE: WPA cracking.

blk_volk56
Member



Posts: 21
Location: Newyork
Joined: 23.03.08
Rank:
Newbie
Posted on 02-03-11 19:56
Yeah, you must have a good dictionary, because all my network connections are WPA and BackTrack's wordlists are all outdated. I downloaded the 14MB wordlist collection and even those didn't crack the passphrase. I know there is a 30Gb wordlist, but it would take a very long time even if your speed is 4000 keys/s.


"A lie is a lie. Just because they write it down and call it history doesn't make it the truth. We live in a world where seeing is not believing, where only a few know what really happened. We live in a world where everything you know is wrong."

Author

RE: WPA cracking.

stealth-
Member



Posts: 999
Location: Eh?
Joined: 10.04.09
Rank:
God
Posted on 03-03-11 02:38
txwooley wrote:
Y'all are missing one MINOR detail. If for example the password is aardvark, and your all-encompassing dictionary is 30MB, it will find aardvark in about 2 seconds. However, if your password is the much shorter xray, it will take about 10-15 minutes (or longer). It has more to do with where in the dictionary the correct password is found than how long or complex the password is.
Just my $.02


We didn't "miss" that, we didn't talk about it because it was obvious enough already. The password I was referencing in this text was far down the alphabet, not to worry.

Also, for future reference, please remember to check the date of threads before you dig them up from the grave.


The irony of man's condition is that the deepest need is to be free of the anxiety of death and annihilation; but it is life itself which awakens it, and so we must shrink from being fully alive.
http://www.stealth-x.com