Discussion:
[john-users] Questions regarding WPA Password audit
JohnyKrekan
2018-09-05 08:34:15 UTC
Hello, I would like to ask questions regarding WPA password strength audit.
1. What steps or how many passwords would you try against a single WPA-PSK hash to mark this hash "strong enough" when your search does not find the right one?
My test consists of the following steps:
1. All 8+ words from common languages.
2. Two well known WPA wordlists which can be downloaded as a torrent (approx 13 GB in size - see https://forums.hak5.org/topic/29308-13gb-44gb-compressed-wpa-wpa2-word-list-982963904-words/)
3. All 8 digit numbers (I have found that many routers use 8 digit decimal numbers)
4. Slovakian (my nation) wordlist using password mutation rules (like adding numbers, changing cases; I also use those rules on a common English wordlist...)
The mentioned rules generate about 600 derived passwords from each word.
After passing these steps with no success, the password is considered "not so weak".
Questions:
1. What other steps would you recommend to add to this password audit process?
2. Have you encountered 8 or 10 character hexadecimal numbers being used as WPA passwords? If yes, what is the character case? Small or capital?
Thanx for any suggestions.
Johny Krekan
Lee Hutton
2018-09-05 08:43:11 UTC
Hi Johnny,

For my own audits I use something very similar (UK based, but I run wordlists
of most European countries due to my work) to check the integrity of a
password. I'd say that your measures would constitute a medium/strong
password if all attempts thus far have failed to return a positive result.

A lot of the time a password's strength for me is also determined by the
company/organisation I'm auditing. If it's a tech orientated company (or a
large well known corporation) then I push for a top end password strength
due to the nature of the business; for lesser known companies or those with little to
no tech relation, a medium password suffices.

Hope this is of help

Lee Hutton
сергей крицкий
2018-09-05 15:42:41 UTC
As far as I know, according to statistics about 20% of passwords are 8-10 digit
numbers (telephone number, birth date, etc.).
The remainder use numbers mixed with small letters, and around 10% of passwords are
hexadecimal numbers.
On Chinese modems a very popular default password is hexadecimal numbers together with
normal letters
(half of the password content as default) and/or capital or mixed (small) letters
together with normal numbers.
Usually 8-10 digits; these are usually on default password lists and easy to
generate.
Please be aware of false negative responses during a scan from beta
software versions or AMD video cards, and a large number of wrongly positive
validity states for hashed passwords (cap file: incomplete or damaged hash that
wrongly looks good).
Many WPA wordlists on the internet have a large number of passwords which cannot be accepted
by an AP and
only waste computation time.
Based on all these observations I recommend using EWSA software and NVIDIA on XP
OS or Android OS.
Good luck
Jens Timmerman
2018-09-05 16:25:27 UTC
Hi,
Post by JohnyKrekan
Hello, I would like to ask questions regarding WPA password strength audit.
1. What steps or how many passwords would you try against a single WPA-PSK hash to mark this hash "strong enough" when your search does not find the right one?
1. All 8+ words from common languages.
2. Two well known WPA wordlists which can be downloaded as a torrent (approx 13 GB in size - see https://forums.hak5.org/topic/29308-13gb-44gb-compressed-wpa-wpa2-word-list-982963904-words/)
I would also add weakpass_2_wifi from https://weakpass.com/download (I
strongly suspect this list already includes the other lists linked
above, but you can mail the admin to be sure)
Post by JohnyKrekan
3. All 8 digit numbers (I have found that many routers use 8 digit decimal numbers)
4. Slovakian (my nation) wordlist using password mutation rules (like adding numbers, changing cases; I also use those rules on a common English wordlist...)
The mentioned rules generate about 600 derived passwords from each word.
After passing these steps with no success, the password is considered "not so weak".
I would phrase this a bit more nuanced as: strong enough to not be
cracked by a skilled attacker <if you believe yourself to be skilled>
with access to <insert your hardware resources/ monetary cost to run on
a rented system here> in <insert the time you took for this here>
Post by JohnyKrekan
1. What other steps would you recommend to add to this password audit process?
I would like to have a large list of WPA passwords that are actually
used in the wild, generate a statistics file with these and run your
cracker for let's say a week. If someone has these, I'm interested :)
(Most lists I found are just normal wordlists with passwords < 8 and > 63
removed from them, not actual WPA keys that people (or tools) come up
with.)
Post by JohnyKrekan
2. Have you encountered 8 or 10 character hexadecimal numbers being used as WPA passwords? If yes, what is the character case? Small or capital?
Thanx for any suggestions.
Johny Krekan
Regards,

Jens Timmerman
JohnyKrekan
2018-09-06 06:36:32 UTC
Hello, thank you for posting the link to those really big wordlists. I will try
to contact the admin, because it is easier to ask than to run my own test of how
many passwords from my smaller wordlist are in this big one.
I am giving you a few examples of, as you call them, wild passwords :-). In my
research I found some using reaver (in the days when people loved
WPS :-)) which would be hard to break using cracking methods.
1. Two were from cracked Belkin routers and were generated by the cracked router
itself:
password1: h6sp-3kje-bpu6
password2: uskg-7lgo-nkwg
Another example of a wild password is renesis1986. This could be cracked
with year mutation enabled in EWSA.
Another not-easy password which maybe could be cracked is ritope222.
Others that are probably uncrackable in real time:
Hatebreed147fg91...
DafkddXHtZrKkHUzbxiPgmmHFMXOeRhDnLFIpYtWGNEsdhNKkMHRxVhafEVdQKH
MatejLucia2507@
42s4tGQt
The time that I need to test 1000000000 WPA-PSK passwords using all my
hardware is about 100 minutes.
Johny Krekan
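
Added example, not part of any post in this thread: a small audit-budget calculator that turns the rate reported above (1000000000 candidates in about 100 minutes) into time-to-exhaust figures for the candidate spaces the thread discusses, and reports which space a given passphrase falls into. The pattern table, function names, the 1,000,000-word wordlist size and the "lowercase letters and digits" reading of the two Belkin samples are assumptions made for illustration.

```python
import re
import string

# Rate reported in the thread: 1,000,000,000 candidates in about 100 minutes.
RATE_PER_MIN = 1_000_000_000 / 100
HEX = "0123456789abcdef"                       # one case only
LOWER_ALNUM = string.ascii_lowercase + string.digits

# Hypothetical pattern table (not any cracker's mask syntax): each space is a
# list of (charset, repeat) segments; a one-character charset is a literal.
SPACES = {
    "8 decimal digits": [(string.digits, 8)],
    "8 hex, one case": [(HEX, 8)],
    "10 hex, one case": [(HEX, 10)],
    # Assumed from the two Belkin samples in the thread.
    "xxxx-xxxx-xxxx lower alnum": [(LOWER_ALNUM, 4), ("-", 1), (LOWER_ALNUM, 4),
                                   ("-", 1), (LOWER_ALNUM, 4)],
}

def keyspace(segments):
    """Number of candidates in a space: product of charset_size ** repeat."""
    total = 1
    for charset, repeat in segments:
        total *= len(set(charset)) ** repeat
    return total

def minutes_to_exhaust(segments, rate_per_min=RATE_PER_MIN):
    """Minutes needed to try every candidate in the space at the given rate."""
    return keyspace(segments) / rate_per_min

def matches(segments, candidate):
    """True if the candidate lies inside the space described by segments."""
    pattern = "".join("[%s]{%d}" % (re.escape(cs), n) for cs, n in segments)
    return re.fullmatch(pattern, candidate) is not None

def classify(candidate):
    """Smallest listed space containing the candidate, with minutes to exhaust."""
    hits = [(keyspace(s), name) for name, s in SPACES.items() if matches(s, candidate)]
    if not hits:
        return None                            # outside every exhaustive stage
    size, name = min(hits)
    return name, size / RATE_PER_MIN

def wordlist_minutes(words, rules_per_word=600, rate_per_min=RATE_PER_MIN):
    """Cost of a wordlist stage with about 600 derived candidates per word."""
    return words * rules_per_word / rate_per_min

if __name__ == "__main__":
    for name, segs in SPACES.items():
        print(f"{name:28s} {keyspace(segs):>22,d} {minutes_to_exhaust(segs) / 1440:18.2f} days")
    print("1,000,000-word list x 600 rules (constructed size):", wordlist_minutes(1_000_000), "min")
    for pw in ("12345678", "h6sp-3kje-bpu6", "renesis1986", "42s4tGQt"):
        print(pw, "->", classify(pw))
```

A `None` result means only that the passphrase lies outside the exhaustive spaces listed; it can still fall to a wordlist-plus-rules stage, as the post notes for renesis1986.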
