The truth about WPA/WPA2 encryption and high-speed cracking (1)

Source: Internet
Author: User

In a wireless WPA encryption environment, after obtaining a WPA handshake verification package, attackers can use the brute-force cracking mode to crack WPA passwords. In addition, they can also establish targeted dictionaries in advance, and then conduct dictionary cracking (attacks ). This will be an effective method for most Wireless Access Point APs. It turns out that the security awareness of most administrators, maintenance personnel, and home users is not as high as they think, at least for more than a year, I have encountered countless WPA-PSK passwords set to birthday or simple words.

So, can we say that as long as there is enough space and comprehensive dictionary, the actual cracking of WPA is mainly a matter of time. Is it true? I don't know if you have noticed it carefully. According to the current mainstream standalone environment configuration, the WPA cracking rate is maintained at 100 ~~ 300 k/s (k/s refers to the number of keys called per second during the cracking process). At this cracking rate, a 5-bit WPA password consisting of lowercase letters and numbers should be cracked, let's estimate with basic probability theory knowledge: (figure 1)

Figure 1 possible combination of passwords

(26 + 10 )? = 60466176;

The possible 5-digit WPA password is:

The time spent cracking will be:

60466176/(3600x300 )~~ 60466176/(3600 × 100), that is, 55.987 ~~ 167.962 hours.

If it is converted to a number of days, it will take about 2 ~~ 7 days. This is only a 5-digit WPA password. If the WPA password is a pure lowercase letter with a length of more than 10 digits, the shortest time is 5446261 days, that is, 14921 years !! It's really a tiandai number !! If the password combination uses uppercase/lowercase letters, numbers, and special characters, I'm afraid you will always say: Do you still have to consider cracking?

Therefore, after the WPA handshake is obtained, the cracking actually only applies when the other party uses a simple password. That is to say, because the cracking speed is too slow, therefore, after the other party uses a slightly complex password, this conventional method does not have much practical ability or even completely loses the meaning of cracking.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.