Most efficient way to crack a WPA2 hash if you know the first char?
#1
Is it most efficient to run hashcat with a mask, to load a file from AAAAAAAA to AZZZZZZZ, or to use rainbow tables?

Apart from being faster by a factor of 26, I don't think having the first char will speed things up?
#2
First of all, these concepts of "rainbow tables" and "oclHashcat" (from your other post) etc. have been superseded for several years. Not sure how you even came up with these concepts and think this is something innovative or useful nowadays.

Of course there could be some exceptions (e.g. when rainbow tables could *theoretically* work), but it's for sure not the case here.

BTW: rainbow tables *worked* well in the past (many years ago) with unsalted hashes, or with very few salts or short salts.

For something like WPA it makes no sense (except if everyone used the same network name / SSID / salt).

A 26x or 2600 % speedup could mean a lot. E.g. if an attack would take 1 month with a known starting character, it could take 26 months (many years) without knowing it. I think this is a huge difference ("faster by a factor of 26").

BTW: mask attacks and/or brute-force attacks only make sense if the password is known to be random and there is no way to attack it with other attack modes (like dictionary-based attacks, rule-based attacks etc. ... those are best suited for user-chosen passwords with well-known patterns, or leaked passwords).

Brute-forcing a slow hash is also very difficult and oftentimes impossible (depending on the keyspace etc.).
#3
(08-02-2019, 01:15 PM)philsmd Wrote: First of all, these concepts of "rainbow tables" and "oclHashcat" (from your other post) etc. have been superseded for several years. Not sure how you even came up with these concepts and think this is something innovative or useful nowadays.

Of course there could be some exceptions (e.g. when rainbow tables could *theoretically* work), but it's for sure not the case here.

BTW: rainbow tables *worked* well in the past (many years ago) with unsalted hashes, or with very few salts or short salts.

For something like WPA it makes no sense (except if everyone used the same network name / SSID / salt).

A 26x or 2600 % speedup could mean a lot. E.g. if an attack would take 1 month with a known starting character, it could take 26 months (many years) without knowing it. I think this is a huge difference ("faster by a factor of 26").

BTW: mask attacks and/or brute-force attacks only make sense if the password is known to be random and there is no way to attack it with other attack modes (like dictionary-based attacks, rule-based attacks etc. ... those are best suited for user-chosen passwords with well-known patterns, or leaked passwords).

Brute-forcing a slow hash is also very difficult and oftentimes impossible (depending on the keyspace etc.).

How many people actually change their default router password?

I've seen the password previously and have lost it now.
#4
In that case your password is probably written on a sticker on the router itself. Just have a look at your router (hardware).