Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Sep 2018 10:34:15 +0200
From: "JohnyKrekan" <>
To: <>
Subject: Questions regarding WPA Password audit

Hello, I would like to ask questions regarding WPA password strength audit.
1. What steps or how many password you would try against a single WPA-PSK hash to mark this hash "strong enough" when your search will not find the right one.
my test consist of following steps:
1. All 8+ words from lcommon languages.
2. Two well known WPA wordlists which can be downloaded as torrent (approx 13 gb in size - see
3. All 8 digit numbers (I have found that many routers use 8 digit decimal numbers)
4. Slovakian (my nation) wordlist using password mutation rules (like adding numbers, changing cases, also I use those rules on common English wordlist...)
The mentioned rules are generating about 600 derived password from each word.
After passing these steps with no success, the password is considered "not so weak".
1. What other steps would you recommend to add to this password audit process?
2. Have you encountered that 8 or 10 character hexadecimal numbers are used as WPA passwords? If yes what is the character case? Small or capital?
Thanx for any suggestions.
Johny Krekan

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.