Brute forcing 5-12 character WPA in practice ?
#11
impossible to have a 5 character WPA password, minimum length for that algorithm is 8 characters.

8x R9 290X will take an average of 2.66 years to brute force an 8-character alphanumeric password (no special characters), and over 5 years to exhaust the whole keyspace. so as you can see, brute force is largely not possible with WPA.
#12
Most default passwords are not alphanumeric and in my experience, 90% of passwords given out by the ISP's are never changed by the user. You need to research what each ISP uses.

Most ISP's use

8 characters lower
8 characters upper
8 characters HEX
10 characters HEX
10 characters digits

I've had success with all of the above in reasonable timeframes. Below is a very good site for calculating time taken, just input your custom keys per second and calculate.

http://calc.opensecurityresearch.com/

Example:

4x 290X's at 200k/s would crack 8 characters lower OR upper in 3 days max. 1.5 days average.
#13
the notion of an ISP handing out a wifi router is rather foreign to me. is this mostly practiced in Europe? the only ISP i know that does this in the US is AT&T, with their DSL gateways which have built-in wifi. well i guess mobile hotspots also have generated numeric passwords as well. anyway, 99.9999% of the access points i encounter are purchased by their owners who have created their own passwords for these devices. but i suppose ymmv.
#14
(01-09-2014, 03:07 PM)epixoip Wrote: the notion of an ISP handing out a wifi router is rather foreign to me. is this mostly practiced in Europe? the only ISP i know that does this in the US is AT&T, with their DSL gateways which have built-in wifi. well i guess mobile hotspots also have generated numeric passwords as well. anyway, 99.9999% of the access points i encounter are purchased by their owners who have created their own passwords for these devices. but i suppose ymmv.

Wasn't aware of that.

With the UK at least, ISP's dish out routers with pre set keys.
#15
Another newb question:

Is there any performance advantage (or even possible) to run oclHashcat on a Macbook pro that has an nvidia chipset as opposed to running hashcat on the cpu? In any operating system, I have osx mavericks, backtrack and win7 on this machine.
#16
Scratch that last question. Until I get a mutli-GPU box purchased, I'm running hashcat on a supermicro server. Unfortunately it is in an ESXi server so I put a Linux virtual machine on it, and gave it access to all 8 cores on the machine.

Currently running a dictionary attack and I'm seeing the overall server pegged hard on CPU.

Input.Mode: Dict (rockyou.txt)
Index.....: 4/5 (segment), 3488132 (words), 33550343 (bytes)
Recovered.: 0/1 hashes, 0/1 salts
Speed/sec.: 5.60k plains, 5.60k words
Progress..: 2986168/3488132 (85.61%)
Running...: 00:00:08:53
Estimated.: 00:00:01:29



I'm curious, is this speed very slow ?
#17
Yes it is, cracking using CPU's is very slow and not worth doing.

I get 420K / sec with two 7970's and a 7850.
#18
(01-10-2014, 10:20 AM)futant Wrote: I'm curious, is this speed very slow ?

it is horrendously slow.