Bruteforcing WPA passwords

Johnnytoxic

Johnnytoxic

Johnnytoxic

Permabanned
Joined
13 Nov 2006
Posts
5,798
For benchmarking and experimental reasons. A friends router has an 8 character uppercase password I'm currently bruteforcing.

Got my 2x 6950 graphics cards with the shader's unlocked.

Quite amazing that my Quad Core i5 @ 4.6ghz can only perform 5000 passwords / second. My two graphics cards are producing 160,000 passwords /second. To break an only upper or lowercase WPA password it will take 15days maximum, depending on what the last letter is. If it's a Z it will be 15days, but if it's an A it could be a day.

Nice calculator to see how long passwords take.
http://lastbit.com/pswcalc.asp

Anyone else messed around with this? what kind of results are you getting
 
Last edited:
I built a pc for a local mobile hone company recently to do phone unlocking.

4 690's and a 2011 socket. They no do unlocking in an hour as to 5 day and can offer online services for it too.

Scary stuff
 
Brute Force Attack will take up to 730559937884763300000 years

19 digit password with upper/lower case and numbers

I did manage to break the wps code within a couple of days on my router before disabling it, amazing how easy it is to do.
 
Last edited:
Brute forced worked :), Took around 12days, could have done quicker but I only left my machine on 24/7 the last few days.

I was going through each letter so ???????A , then ???????B . Each letter took around 13hours to complete. I started letter O and it popped in a few seconds as the tail end of it was ?????AAO.
 
Last edited:
Tbh it depends on the router. Anything linux based could (imo should) limit attempts per second.

Then there's what should, in theory, be secure being botched up during mass manufacture. WPS uses an 8 digit key and should employ rate limiting to stop brute force. Unfortunately that 8 digit key is in fact 2 x 4 digit keys, and what's worse once you find the first one the router actually tells you it's correct so really running through the combination of 4 digits twice doesn't take a great deal of time at all. The worst part is many companies employ no limiting at all and some (Linksys are particularly guilty) don't even let you disable WPS - even when you press off the chip is still active.

Reaver got a lot of press at the beginning of the year as it was specifically attempting to make people aware of how vulnerable they actually are http://lifehacker.com/5873407/how-to-crack-a-wi+fi-networks-wpa-password-with-reaver

At the rate computers are advancing we're gong to be using complete sentences for passwords soon.
 
Brute Force Attack will take up to 593912540554080400 years based on your stats, but if I was to do it on my own PC... Well... I only have a Q8400 @ 2.6GHz, and currently an 8800GT... so nowhere near 5000 a second, let alone your 160000 a second :p
 
Azuse05 said:
Tbh it depends on the router. Anything linux based could (imo should) limit attempts per second.
Click to expand...

I didn't use reaver / WPS with this one as the router doesn't have it enabled. Brute forcing 8 characters is feasible when:

Only uppercase
Only lowercase
Upper & Numbers or Lower and Numbers ( much power needed )

SKY routers kindly use Uppercase 8 character passwords, so around 16 days maximum with my set up depending what the last letter is from a-z.
 
Last edited:
16 days@160,000 for mine.
TBH if anyone is that desperate to get internet access then fair play to them!

Windows is secure enough to stop anyone but the most determined and if someone is that desperate to gain access to your network then you should be more worried about the knocks on the door.
 
You must log in or register to reply here.
Back
Top Bottom