08-31-2018, 08:30 PM
of course there is reason to reject passwords < 8 for WPA/WPA2 because the algorithm only allows a minimum length of 8. The problem is that if everything happens on GPU (rule engine + hashing/attack) we can't reject the candidates there (there is currently no way rejecting candidates on GPUs, that would be a waste of resources and sometimes actually quite difficult to do on GPU, you would need to do it in the main kernel and loosing a lot of speed probably 
), therefore we need to do the rejection before the candidates are loaded into the GPU buffers (which is currenly done before the rule engine+hashing)... again there are some ideas to have/implement a new special attack where the rules are applied on CPU already, but I can't promise anything there.
If we allow passwords that are smaller than the minimum allowed password length (for instance < 8 for WPA/WPA2), all strange things could happen and this should be avoided for sure.
), therefore we need to do the rejection before the candidates are loaded into the GPU buffers (which is currenly done before the rule engine+hashing)... again there are some ideas to have/implement a new special attack where the rules are applied on CPU already, but I can't promise anything there.If we allow passwords that are smaller than the minimum allowed password length (for instance < 8 for WPA/WPA2), all strange things could happen and this should be avoided for sure.