06-14-2015, 12:32 AM
I've found the local landline and mobile NPA NXX make up a lot of PSKs. You're also going to get hits based on things in the geography -- street names, local businesses, or landmarks in the area. You're right, people generally share these passwords, so they like to be pronounceable, easy to remember, and not embarrassing.
There aren't "strength meters" on most consumer routers, so the below char-sets and masks speak for themselves.
Here's some output from PACK using actual recoveries.
[+] Analyzing 100% (10737/10737) of passwords
[*] Length:
[+] 8: 54% (5896)
[+] 9: 15% (1659)
[+] 10: 13% (1493)
[+] 11: 04% (444)
[+] 12: 03% (425)
[+] 13: 02% (236)
[+] 20: 01% (193)
[+] 16: 01% (117)
[*] Character-set:
[+] numeric: 37% (3980)
[+] loweralphanum: 26% (2838)
[+] loweralpha: 24% (2637)
[+] upperalphanum: 05% (543)
[+] mixedalphanum: 02% (280)
[*] Simple Masks:
[+] digit: 37% (3980)
[+] string: 26% (2872)
[+] stringdigit: 20% (2163)
[+] othermask: 10% (1127)
[+] digitstring: 01% (188)
[+] digitstringdigit: 01% (143)
[+] stringdigitstring: 01% (134)
[*] Advanced Masks:
[+] ?d?d?d?d?d?d?d?d: 29% (3116)
[+] ?l?l?l?l?l?l?l?l: 09% (1028)
[+] ?l?l?l?l?l?l?l?l?l: 05% (566)
[+] ?l?l?l?l?l?l?l?l?l?l: 04% (448)
[+] ?d?d?d?d?d?d?d?d?d?d: 03% (387)
[+] ?l?l?l?l?l?l?d?d: 02% (271)
Visit http://wpa-sec.stanev.org/ and throw some hash power so we can get better stats.
There aren't "strength meters" on most consumer routers, so the below char-sets and masks speak for themselves.
Here's some output from PACK using actual recoveries.
[+] Analyzing 100% (10737/10737) of passwords
[*] Length:
[+] 8: 54% (5896)
[+] 9: 15% (1659)
[+] 10: 13% (1493)
[+] 11: 04% (444)
[+] 12: 03% (425)
[+] 13: 02% (236)
[+] 20: 01% (193)
[+] 16: 01% (117)
[*] Character-set:
[+] numeric: 37% (3980)
[+] loweralphanum: 26% (2838)
[+] loweralpha: 24% (2637)
[+] upperalphanum: 05% (543)
[+] mixedalphanum: 02% (280)
[*] Simple Masks:
[+] digit: 37% (3980)
[+] string: 26% (2872)
[+] stringdigit: 20% (2163)
[+] othermask: 10% (1127)
[+] digitstring: 01% (188)
[+] digitstringdigit: 01% (143)
[+] stringdigitstring: 01% (134)
[*] Advanced Masks:
[+] ?d?d?d?d?d?d?d?d: 29% (3116)
[+] ?l?l?l?l?l?l?l?l: 09% (1028)
[+] ?l?l?l?l?l?l?l?l?l: 05% (566)
[+] ?l?l?l?l?l?l?l?l?l?l: 04% (448)
[+] ?d?d?d?d?d?d?d?d?d?d: 03% (387)
[+] ?l?l?l?l?l?l?d?d: 02% (271)
Visit http://wpa-sec.stanev.org/ and throw some hash power so we can get better stats.