Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 5 Sep 2018 09:43:11 +0100
From: Lee Hutton <leehutton1983@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Questions regarding WPA Password audit

Hi Johnny,

For my own audits I use something very similar (uk based but run wordlists
of most European countries due to my work) to check the integrity of a
password, ide say that your measures would constitute a medium/strong
password if all attempts thus far have failed to return a positive result.

A lot of the time a passwords strength for me is also determined by the
company/organisation I’m auditing. If it’s a tech orientated company (or a
large well know corporation) then I push for a top end password strength
due to the nature of the business, for lesser known company’s or little to
no tech relation then a medium password suffices.

Hope this is of help

Lee Hutton

On Wed, 5 Sep 2018 at 09:34, JohnyKrekan <krekan@...nykrekan.com> wrote:

> Hello, I would like to ask questions regarding WPA password strength audit.
> 1. What steps or how many password you would try against a single WPA-PSK
> hash to mark this hash "strong enough" when your search will not find the
> right one.
> my test consist of following steps:
> 1. All 8+ words from lcommon languages.
> 2. Two well known WPA wordlists which can be downloaded as torrent (approx
> 13 gb in size - see
> https://forums.hak5.org/topic/29308-13gb-44gb-compressed-wpa-wpa2-word-list-982963904-words/
> 3. All 8 digit numbers (I have found that many routers use 8 digit decimal
> numbers)
> 4. Slovakian (my nation) wordlist using password mutation rules (like
> adding numbers, changing cases, also I use those rules on common English
> wordlist...)
> The mentioned rules are generating about 600 derived password from each
> word.
> After passing these steps with no success, the password is considered "not
> so weak".
> Questions:
> 1. What other steps would you recommend to add to this password audit
> process?
> 2. Have you encountered that 8 or 10 character hexadecimal numbers are
> used as WPA passwords? If yes what is the character case? Small or capital?
> Thanx for any suggestions.
> Johny Krekan

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.