BabyBear
Keep wise ...with Nite-Owl
join:2007-01-11

1 recommendation

BabyBear

Member

Easy peasy.

Just don't use words from a dictionary.

Like to see how long it takes for WPA cracker to have a go at one of Steve's passwords.

Jim Gurd
Premium Member
join:2000-07-08
Livonia, MI

1 edit

Jim Gurd

Premium Member

said by BabyBear:

Just don't use words from a dictionary.

Like to see how long it takes for WPA cracker to have a go at one of Steve's passwords.
Precisely. I use this to generate a 63 character long string of random ASCII data. Try cracking that in 20 minutes.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5 to BabyBear

Premium Member

to BabyBear
said by BabyBear:

Just don't use words from a dictionary.

Like to see how long it takes for WPA cracker to have a go at one of Steve's passwords.
Use randomly generated 20 character & up passwords and you are still uncrackable.
Longer passwords and ones that use combinations of letters, numbers, and punctuation will remain uncrackable over potentially very long periods of time.

n2jtx
join:2001-01-13
Glen Head, NY

n2jtx to BabyBear

Member

to BabyBear
My password is nine characters long and consists of random letters and numbers. No dictionary attack is going to crack that.

mlundin
join:2001-03-27
Lawrence, KS

mlundin to Jim Gurd

Member

to Jim Gurd
I wrote my own random string generator in Maple a few years ago and have been using passwords it generates ever since. Anyone needing access to my router needs a text file either from a USB thumb drive or sent via e-mail so they can copy & paste (though setting up the Wii and PS3 was a pain in the ass).

Lazlow
join:2006-08-07
Saint Louis, MO

2 edits

Lazlow to n2jtx

Member

to n2jtx
Think again. The rainbow tables for all the characters have been built for the top 1000 most common essids. Last I checked they were up to 11 characters. You do need a separate table for each essid (file size per essid is typically around 185mb).

The tables for the 1000 most common essids with matching passwords are only 33mb/essid.

OldGrayWolf
join:2007-10-06

1 edit

OldGrayWolf to mlundin

Member

to mlundin
I just use a spreadsheet to generate passwords using RAND and VLOOKUP functions. Here is an example: 3QKyAnIlE9B0MqoS_HyI1l4RsZF_cdY5TuqgIYs-TUZs.#_7HucuG7-ZSDWVGGN. I keep hitting the F9 key until I get one I like.

james16
join:2001-02-26

james16 to BabyBear

Member

to BabyBear
said by BabyBear:

Just don't use words from a dictionary.

Like to see how long it takes for WPA cracker to have a go at one of Steve's passwords.
1) "135 million word dictionary"
2) "The Second Edition of the Oxford English Dictionary contains full entries for 171,476 words in current use, and 47,156 obsolete words."

I think you misunderstand what they mean by dictionary.

KodiacZiller
Premium Member
join:2008-09-04
73368

1 edit

KodiacZiller to BabyBear

Premium Member

to BabyBear
Or one can simply open a bash terminal and type:

echo `</dev/urandom tr -dc _A-Z-a-z-0-9 | head -c63`
 

This will generate a 63 character pseudorandom password. No need for Steve's stuff.

Exodus
Your Daddy
Premium Member
join:2001-11-26
Earth

1 edit

Exodus

Premium Member

said by KodiacZiller:

Or one can simply open a bash terminal and type:

echo `</dev/urandom tr -dc _A-Z-a-z-0-9 | head -c63`
 

This will generate a 63 character pseudorandom password. No need for Steve's stuff.
How many chicks did you pick up with that post?

cdru
Go Colts
MVM
join:2003-05-14
Fort Wayne, IN

cdru

MVM

said by Exodus:

How many chicks did you pick up with that post?
Probably exactly the same number that one would get by knowing that they could go to GRC to get 64 random characters for a WPA key. Zero.

DataRiker
Premium Member
join:2002-05-19
00000

DataRiker to Lazlow

Premium Member

to Lazlow
No.

I am very familiar with the project you are referencing.

The pre-computed hash table you refer to does not include every random string inclusive to 11 characters, not even close I'm afraid.

It is primarily composed of words, and by any standard is a dictionary based attack.

Lazlow
join:2006-08-07
Saint Louis, MO

Lazlow

Member

If you are referring to the church of the wifi stuff, it is not the project that I am referring to. That list is only the top 1000 most popular passwords (some do have nonstandard characters) for the 1000 most popular essids. The project I am referring to requires an invite to join and is working on all characters for the 1000 most popular essids. The long term plan is all passwords for all essids, but since most passwords are below 12 characters and you have to start somewhere, this is where they are.

DataRiker
Premium Member
join:2002-05-19
00000

3 edits

DataRiker

Premium Member

said by Lazlow:

If you are referring to the church of the wifi stuff, it is not the project that I am referring to. That list is only the top 1000 most popular passwords (some do have nonstandard characters) for the 1000 most popular essids. The project I am referring to requires an invite to join and is working on all characters for the 1000 most popular essids. The long term plan is all passwords for all essids, but since most passwords are below 12 characters and you have to start somewhere, this is where they are.
No offense, but this is highly suspect for 3 reasons.

Firstly, the time to precompute this table is absolutely enormous.

Secondly, the table would be enormous - addressing tables this large is a problem.

Third, even running this table pre-computed would take a long time.

***If you doubt this, I tell you what I will do. I will make a 1-12 character key .cap file essid linksys, with the key verified by a third party on this site.

Let's see how "easy peasy" that is.

Ready to take me up on my offer?
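
Added example, not part of any post in this thread: WPA/WPA2-PSK derives its key with PBKDF2-HMAC-SHA1 using the ESSID as salt, which is why the precomputed tables discussed above are per-ESSID, and the same script sizes the keyspaces mentioned in the thread. The 1,000,000 keys-per-second rate and the one-32-byte-key-per-entry table layout are assumptions chosen for illustration.

```python
import hashlib
import math

PMK_LEN = 32       # WPA/WPA2-PSK pairwise master key: 256 bits
ITERATIONS = 4096  # PBKDF2 iteration count fixed by IEEE 802.11i

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), ITERATIONS, PMK_LEN)

def keyspace(alphabet: int, min_len: int, max_len: int) -> int:
    """Number of strings of min_len..max_len characters over the alphabet."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))

def entropy_bits(alphabet: int, length: int) -> float:
    """Entropy of a uniformly random string of the given length."""
    return length * math.log2(alphabet)

def table_bytes(candidates: int) -> int:
    """Size of a plain lookup table with one PMK per candidate (assumed layout)."""
    return candidates * PMK_LEN

def years_to_compute(candidates: int, pmks_per_second: float) -> float:
    """Time to derive every candidate's PMK for a single SSID."""
    return candidates / pmks_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    # The SSID is the salt: one passphrase, two networks, two unrelated PMKs,
    # so a precomputed table only ever serves the SSID it was built for.
    for ssid in ("linksys", "IEEE"):
        print(f"{ssid:8} {wpa_pmk('password', ssid).hex()}")

    RATE = 1_000_000  # assumed PMKs per second, chosen only for illustration
    cases = [  # (label, alphabet size, min length, max length)
        ("9 random letters and digits", 62, 9, 9),
        ("8-11 printable ASCII", 95, 8, 11),
        ("63 chars from [_A-Za-z0-9-]", 64, 63, 63),
    ]
    for label, alphabet, lo, hi in cases:
        n = keyspace(alphabet, lo, hi)
        print(f"{label:30} {entropy_bits(alphabet, hi):6.1f} bits  "
              f"{table_bytes(n) / 1e12:.3g} TB  "
              f"{years_to_compute(n, RATE):.3g} years per SSID")
```
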
Lazlow
join:2006-08-07
Saint Louis, MO

Lazlow

Member

There is actually a far easier way to see. If this company is not able to solve an acceptable number of passwords (say 75%), they probably will not be in business in six months. If their solution rate is not high enough they will get a bad reputation and nobody will use them (no income). The flip side of that is if they get a good reputation (high solution rate) they will stay in business/grow. That is of course assuming they do not get shut down for some other reason (legal).

DataRiker
Premium Member
join:2002-05-19
00000

1 edit

DataRiker

Premium Member

said by Lazlow:

There is actually a far easier way to see. If this company is not able to solve an acceptable number of passwords (say 75%), they probably will not be in business in six months. If their solution rate is not high enough they will get a bad reputation and nobody will use them (no income). The flip side of that is if they get a good reputation (high solution rate) they will stay in business/grow. That is of course assuming they do not get shut down for some other reason (legal).
No, I'm referring to your post that claims you have a PCH table inclusive of 11 printable characters.

Of course, I already know this is not true.

Since you have the table, why wouldn't you take me up on my offer - I will make the file tonight off of my router.

Lazlow
join:2006-08-07
Saint Louis, MO

1 edit

Lazlow

Member

What you are asking for is a little like when they ask someone when they quit beating their wife. There is no reply that can be made that helps the person.

If I take up the challenge (and use up those few favors I have left) and access the database one of two things is possible (solve or not solve). Now if I fail, you will say that it cannot be done, when it is more likely a lack in my skills than a statement about whether it can actually be done or not. If I succeed it is likely you (or someone else) would make a big stink about it, and that would be the end of what little access I now have. So doing anything more than ignoring this challenge is a guaranteed loss for me. Of course you already knew that before you made the post.

DataRiker
Premium Member
join:2002-05-19
00000

DataRiker

Premium Member

said by Lazlow:

What you are asking for is a little like when they ask someone when they quit beating their wife. There is no reply that can be made that helps the person.

If I take up the challenge (and use up those few favors I have left) and access the database one of two things is possible (solve or not solve). Now if I fail, you will say that it cannot be done, when it is more likely a lack in my skills than a statement about whether it can actually be done or not. If I succeed it is likely you (or someone else) would make a big stink about it, and that would be the end of what little access I now have. So doing anything more than ignoring this challenge is a guaranteed loss for me. Of course you already knew that before you made the post.
What you spread here is fear, uncertainty, and doubt (FUD).

I have a degree in mathematics. What you have stated here, numerous times, is technically unfeasible.

The mere idea that you will compile an inclusive PCH table is ridiculous. It shows you fail to grab the scope of the problem at hand.

This is why you can't meet my "simple" challenge.