Word List For Brute Force?

Hi,
Anyone know where to find a really good word list? I'm checking the security on my network with it and the standard lists can't even pass the switch in my bedroom.
 
Unless you use dictionary words for passwords (which I wouldn't imagine you will be if you're that bothered about security), trying to use a dictionary attack using a word list is meaningless.
 
Good thing I was being jovial then eh. :rolleyes:

Attempting to brute force anything with at least ANY complexity, even if it's a dictionary word, is pretty pointless; you will be there forever.

Any 1 special character and you are talking millions and millions of combos. Even an over-generous account lockout policy would increase this by a factor of 1000s.
 
Do you know of any good security auditors that I could use instead?
 
I really do not think it is necessary for actual passwords.

If you can use a non-standard username, do it. Some appliances force you into the default though.

1 or more special characters.
Combination of capitalisation.

For example on a firewall:

fw_admin
COMPANY_f1r3Wall!0189

Do not use usernames as e-mail address aliases.

Eg:

Susan Handy
username: handys
e-mail: [email protected]

If you want to be testing anything, it's for open ports, security issues with patch levels, firmware etc.

Passwords are just so easy to ensure strength, it's everything else you need to worry about. As for a bespoke software solution to test this, never used any so would be reluctant to recommend anything.

Also, never underestimate breaches from the inside. Social engineering or a key logger would thwart even the most paranoid of security setups.
 
With the newish GPU WPA2 cracking efforts, I wonder how long it'd take to brute force my password? I use a string of 63 ASCII characters, like this (but not actually this, obviously):

k}xY`%w9.+HQf*9&+@$A/&{'sdK~B}ZF8h~eirY0ypn}ZGg0xMtCJ0~|q6Hm,'G


My mate was saying last night that with GPU cracking he could break my network in a minute or two. Surely a password like the one above would take a little longer than that? LOL
 
He's talking out of his bottom.

I got an answer from Elcomsoft's Andrey Belenko, who said via e-mail that without dictionary words being involved, cracking is still quite intensive: perhaps three months to crack a lowercase-only random eight-character password using a PC with two Nvidia GTX 280 video cards.
http://arstechnica.com/old/content/2008/12/gpu-based-wpawpa2-crack-struggles-with-good-passwords.ars

Your passphrase would most likely never be cracked with current technology, given that it takes three months to crack a (lowercase) eight-character password and each extra ASCII character makes it hundreds of times harder.

Also, who's gonna bother hacking into your WPA network when there are probably ten completely unprotected networks in the vicinity? :D
 
Even if he used every graphics card, probably even every computer on earth, it would still take longer than the universe has existed to crack a password 63 characters long.
EDIT: OP, if you wanted rainbow tables, like ophcrack uses to break short Windows passwords, I think that's a no-go; the passwords are hashed + salted, so you can't just get a table of passwords and corresponding hashes.
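
The time estimates and the "hashed + salted" remark in the replies above can be checked numerically. This is an added example, not code from any poster in the thread: it derives the guess rate implied by the quoted figure (assuming "three months" means 90 days to exhaust all lowercase 8-character candidates), scales it to other passphrase shapes, and shows the standard WPA2-PSK key derivation using the SSID as salt. The SSIDs and the sample passphrase are constructed.

```python
import hashlib
import math

PRINTABLE_ASCII = 95           # characters allowed in a WPA2 passphrase (0x20-0x7e)
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA2-PSK pairwise master key.

    PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations, 32-byte output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def entropy_bits(alphabet: int, length: int) -> float:
    """Bits of entropy in a uniformly random password."""
    return length * math.log2(alphabet)

def implied_rate(alphabet: int = 26, length: int = 8, days: float = 90.0) -> float:
    """Guesses per second implied by the figure quoted in the thread.

    Assumption: "three months" means 90 days to exhaust the whole keyspace.
    """
    return alphabet ** length / (days * 24 * 3600)

def years_to_exhaust(alphabet: int, length: int, rate: float) -> float:
    """Years needed to try every candidate at `rate` guesses per second."""
    return alphabet ** length / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    rate = implied_rate()
    print(f"implied rate: {rate:,.0f} guesses/s")
    shapes = [(26, 8), (26, 10), (62, 10), (PRINTABLE_ASCII, 12), (PRINTABLE_ASCII, 63)]
    for alphabet, length in shapes:
        print(f"{alphabet:>3} symbols x {length:>2}: "
              f"{entropy_bits(alphabet, length):6.1f} bits, "
              f"{years_to_exhaust(alphabet, length, rate):.3g} years")
    # Constructed SSIDs: the same passphrase yields unrelated keys on each
    # network, so a precomputed table only helps for the SSID it was built for.
    for ssid in ("HomeNet-Example", "CoffeeShop-Example"):
        print(ssid, wpa2_pmk("correct horse battery", ssid).hex())
```
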
 