I think you didn't realize how large that keyspace is.
Let us start with 26 characters which can be repeated.
The charset would be: abcdefghijklmnopqrstuvwxyz
The number of characters would be: 26
Hence, the total keyspace for exactly length 13 (not incremented, that one would be even larger) would be:
26 ^ 13 = 2,481,152,873,203,736,576
or more simply:
26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 = 2,481,152,873,203,736,576
Yes, in this case (all chars can be repeated), each position can be all 26 characters.
Please try to read that resulting value aloud and you should recognize how large that number really is.
Let's now move on to case number #2, i.e. where there cannot be a sequence of 2 repeating characters (directly attached to each other).
This reduces the number of possible candidates by a little (but still not too much to be doable):
26 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 = 1,549,720,764,160,156,250
(note: we cannot repeat for instance like "...aab..." but "...aba..." is allowed)
The problems here:
1. Bruteforcing WPA/WPA2 is difficult already for short(er) (random) passwords (like 9, 10)
2. WPA/WPA2 is a slow algorithm, it cannot be compared to md5/ntlm etc (fast algorithms)
3. If the passwords are not completely random, it is a good advice to try other attack modes (wordlists, wordlists with rules, combinator etc), bruteforcing a hash should always be the last (most of the time desperate
) step one should try, if really all other attack modes did exhaust
4. the keyspace mentioned here (and this is a really BIG problem) is not even doable for a fast algorithm (like ntlm/md5), even with the largest and best cluster of GPUs in a reasonable time
Let us start with 26 characters which can be repeated.
The charset would be: abcdefghijklmnopqrstuvwxyz
The number of characters would be: 26
Hence, the total keyspace for exactly length 13 (not incremented, that one would be even larger) would be:
26 ^ 13 = 2,481,152,873,203,736,576
or more simply:
26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26 = 2,481,152,873,203,736,576
Yes, in this case (all chars can be repeated), each position can be all 26 characters.
Please try to read that resulting value aloud and you should recognize how large that number really is.
Let's now move on to case number #2, i.e. where there cannot be a sequence of 2 repeating characters (directly attached to each other).
This reduces the number of possible candidates by a little (but still not too much to be doable):
26 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 * 25 = 1,549,720,764,160,156,250
(note: we cannot repeat for instance like "...aab..." but "...aba..." is allowed)
The problems here:
1. Bruteforcing WPA/WPA2 is difficult already for short(er) (random) passwords (like 9, 10)
2. WPA/WPA2 is a slow algorithm, it cannot be compared to md5/ntlm etc (fast algorithms)
3. If the passwords are not completely random, it is a good advice to try other attack modes (wordlists, wordlists with rules, combinator etc), bruteforcing a hash should always be the last (most of the time desperate
) step one should try, if really all other attack modes did exhaust4. the keyspace mentioned here (and this is a really BIG problem) is not even doable for a fast algorithm (like ntlm/md5), even with the largest and best cluster of GPUs in a reasonable time