Optimized dictionary for WPA
#1
Hello to all. I apologize for my poor English.

I would like to create a dictionary optimized for wpa.

I know the password is 10 characters long from UPPER HEX (0123456789ABCDEF). The key space is 16^10, but I know some rules and I'd like to use them with maskprocessor or crunch.

Rules:

1) 10 chars long
2) no more than 5 alpha chars in the password (yes ABCDE01234, no ABCDEF0123)
3) no more than 2 consecutive chars (yes AABCDEF012, no AAABCDEF01)
4) no more than 2 equal numbers in the password (yes A1A123456, no A1A123451)
5) no more than 3 equal alpha chars in the password (yes 8017C24CCF, no C017C24CCF)

May someone help me? Thanks.
#2
As far as I know, only the -q switch could help you. You would need your own word generator to apply all these rules.
#3
try crunch as a word generator, can be piped or used to create a file
#4
(12-11-2013, 11:13 PM)JulioQc Wrote: try crunch as a word generator, can be piped or used to create a file

wrong hint, maskprocessor can do the same but faster.

you won't necessarily need your own word generator, but you will probably need to write a tool to apply filters on maskprocessor output.

what's the reason for those limitations? vendor specific? how did you find out?
#5
(12-12-2013, 04:39 PM)atom Wrote:
(12-11-2013, 11:13 PM)JulioQc Wrote: try crunch as a word generator, can be piped or used to create a file

wrong hint, maskprocessor can do the same but faster.

you won't necessarily need your own word generator, but you will probably need to write a tool to apply filters on maskprocessor output.

what's the reason for those limitations? vendor specific? how did you find out?

Yes, specific limitations of vendor. It's a 10 hex password, but with some specific rules.
#6
I was highly motivated by goat's old post.

I figured out that a 16^10 hex password dictionary must be very, very big.

How big? Well, to compare, I recently downloaded a not-so-good password dictionary that weighs 178 MB and contains 16,982,780 ten-char hex strings.

On the other hand, my iMac can manage only 4,300 keys/s with aircrack-ng, so it takes about an HOUR to check all these passwords.

So, a complete 16^10 = 1,099,511,627,776 dictionary would take my machine about 8 YEARS and would weigh approximately 11 TB.

It makes sense to have some heuristic to crunch that enormous dictionary, and I like goat's rules.

So I generated a PHP class that follows goat's rules. At first, I believed that that monster dictionary could be chunked down to very little, maybe just 10% of the original file. But I was wrong.

According to my big random sample of 10 million string passwords, the real ratio of optimised/total is 0.6655, and it converges very soon from the beginning.

What does it mean?

It means that the wanted file is still very big:

- weight: (0.6655) × 11 TB = 7.32 TB
- crackTime: (0.6655) × 8 years = 5.32 years

The numbers speak for themselves. So, maybe we will have to wait for the first generations of quantum computers, hehe.

The php classes are attached to this post.

Greetings,


Attached Files
.zip   wpaGoatRules.zip (Size: 3.08 KB / Downloads: 56)
#7
A small GPU cluster, which has the speed of 1M p/s for WPA2, could check entire 16^10 keyspace in around 13 days.
No quantum computers needed.
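The whole thread turns on one question: how much of the 2^40 upper-hex keyspace do the vendor rules from post #1 actually remove, and what does that do to the crack times quoted in posts #6 and #7? The script below is an added example written for this page; it is not the attached wpaGoatRules.zip PHP class and not part of hashcat, maskprocessor or aircrack-ng. It encodes the five rules (my reading of them is taken from the examples in post #1 and is an assumption), checks those examples, repeats the sampling experiment of post #6 with a seeded RNG on constructed random candidates, and turns the surviving fraction into the time figures both posts compute. The function and constant names are my own.

```python
"""Checker for the five vendor rules from post #1 and a keyspace-survival estimate.

Added example for this thread; it is not the attached PHP class and not hashcat or
maskprocessor code. The rule interpretations below are assumptions taken from the
examples given in post #1.
"""
import random
from collections import Counter
from itertools import groupby

HEX_DIGITS = "0123456789"
HEX_ALPHA = "ABCDEF"
HEX_UPPER = HEX_DIGITS + HEX_ALPHA
KEYSPACE = 16 ** 10                 # 1,099,511,627,776 candidates (post #6)
SECONDS_PER_DAY = 86_400
DAYS_PER_YEAR = 365.25


def violated_rules(pw: str) -> list[str]:
    """Return the names of the rules `pw` breaks; an empty list means it is allowed."""
    bad = []
    # Rule 1: exactly 10 characters, all upper-case hex.
    if len(pw) != 10 or any(c not in HEX_UPPER for c in pw):
        bad.append("length")
    # Rule 2: at most 5 letters (A-F) in the whole string.
    if sum(c in HEX_ALPHA for c in pw) > 5:
        bad.append("alpha_count")
    # Rule 3: no run of 3 or more identical adjacent characters.
    if pw and max(len(list(run)) for _, run in groupby(pw)) > 2:
        bad.append("consecutive")
    counts = Counter(pw)
    # Rule 4: no digit occurs more than twice anywhere in the string.
    if any(n > 2 for c, n in counts.items() if c in HEX_DIGITS):
        bad.append("digit_repeat")
    # Rule 5: no letter occurs more than three times anywhere in the string.
    if any(n > 3 for c, n in counts.items() if c in HEX_ALPHA):
        bad.append("alpha_repeat")
    return bad


def is_allowed(pw: str) -> bool:
    return not violated_rules(pw)


def estimate_surviving_fraction(samples: int = 200_000, seed: int = 1) -> float:
    """Seeded Monte Carlo estimate of the share of the 16^10 keyspace the rules keep.

    Mirrors the sampling approach of post #6 (which reports 0.6655 from 10 million
    samples); uniform random 10-char upper-hex strings are the constructed input.
    """
    rng = random.Random(seed)
    kept = 0
    for _ in range(samples):
        if is_allowed("".join(rng.choices(HEX_UPPER, k=10))):
            kept += 1
    return kept / samples


def crack_days(candidates: float, rate_per_second: float) -> float:
    """Worst-case time in days to try `candidates` keys at `rate_per_second`."""
    return candidates / rate_per_second / SECONDS_PER_DAY


if __name__ == "__main__":
    frac = estimate_surviving_fraction()
    surviving = frac * KEYSPACE
    print(f"rules keep ~{frac:.4f} of the keyspace (~{surviving:.3e} candidates)")
    # Post #6: 4,300 keys/s with aircrack-ng; post #7: a 1M keys/s GPU cluster.
    for label, rate in (("aircrack-ng on an iMac", 4_300), ("small GPU cluster", 1_000_000)):
        full = crack_days(KEYSPACE, rate)
        print(f"{label} @ {rate:,}/s: full keyspace {full / DAYS_PER_YEAR:.2f} years "
              f"({full:.1f} days), after rules {full * frac / DAYS_PER_YEAR:.2f} years")
```

Running it reproduces the thread's conclusion: the rules keep roughly two thirds of the candidates, which is log2(0.6655) ≈ -0.59 bits of entropy lost from a 40-bit space, so a defender evaluating a vendor's default-key scheme should treat these rules as cosmetic rather than as a meaningful reduction. Note that post #1's example AABCDEF012 satisfies rule 3 but contains seven letters, so it fails rule 2; the checker reports every rule a string breaks rather than stopping at the first, which is why the per-rule checks can be inspected separately.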