by DAN from the BlackBuntu Forum
I have been doing some research into cracking the passwords on wireless networks and after some playing around found out some very I interesting information about trying to crack a WPA network.
This is for people attempting to test aircrack-ng for practice or what have you. If you are playing around with it learning, stick with a short password or something from the dictionary and get a dictionary wordlist. And when I say short password, I mean short password if randomly generated or using alphanumerics. A decent laptop about 3 years old can test about 1300 crypts/s. That is a Core 2 Duo 2.4 GHz.
If you are practicing using dictionary words, aircrack is really good at being to use wordlists. But a random password will render it useless. If you are testing a randomly generated password, a recent episode of HakTips covered piping John the Ripper into Aircrack, and it is very useful. Unfortunately, there is a snag.
WPA requires a minimum 8 digit/character password. Not convenient to crack. An 8 character password containing, say, only lowercase letters can take years to crack. That is the worst case time scenario. Now you are probably thinking that rainbow tables will be useful in a case like this. Think again. WAP does not make things easy for cracking the hash. The hash is salted with the SSID of the access point. With thousands of SSIDs out there, creating a Rainbow Table for only single words >7 but <64 characters long would take probably millions of years to do without a GPU farm or a high volume CPU cluster with an excess of 30 nodes. And we all have one of those, right? Unfortunately, no.
So this begs the question, is it really worth it to try and crack a WPA network? If you want to try, use a dictionary wordlist or the Church of WiFi has created a huge rainbow table of 100,000+ words in combination with the 1000 most popular SSIDs. Not fir the faint of heart though. The total file size is 33 GB. And that only covers on average 52% of the access points out there, so even then it is hit and miss.
What was the point of this? To discourage you from trying to crack WPA networks? No, of course not. It is designed to inform people who want to crack networks that they shouldn't hold their breath when trying to crack a WPA network via brute force. It just isnt feasible. If a dictionary wordlist doesn't work, it is probably best to leave it and don't waste your time. But it also does bring up the security potential of a WPA network with a strong password.
Take a double digit long lower case only password randomly generated. So say 10 letters long. That is 26^10 combinations. If your system is exceptionally fast and you can put through 5000 crypts/s, well, you do the math on that. We are talking about a very long time to crack that password. Throw in upper case letters and numbers, and we have 62^10 combinations. Paired with a WPA network, very secure. But there are weaknesses that may not always be easy to spot or know about. But I will cover that in a bit.
This isn't designed as an attempt to sound like a security pro as I am still in the very basic stages of learning. But if I have learned something at the basic level that may be useful to someone, then I have done some good. It really sucks waiting for a password to decrypt via brute force for 3 days only to realize that it more than likely won't happen in my lifetime. Really, really sucks finally figuring that out.
If anyone has any suggestions, recommendations or other information to add to this, please do. The more knowledge we can get out onto the forums the better until Astro and his hardworking team of documenters get their research and information out for users to start referencing.