Results 1 to 7 of 7

Thread: Brute Force vs. Dictionary

  1. #1
    Join Date
    2014-Jan
    Posts
    6

    Brute Force vs. Dictionary

    I want to know if per-computing all possible combinations in a range would be faster than brute forcing on the go... I know that with WPA\WPA2 you have to still run it through with the SSID, so what would be the difference between just running crunch with all possible combinations or "files" of all possible combinations where it just has to load the files/run the algorithm...

    thanks..

  2. #2
    Join Date
    2013-Oct
    Posts
    321
    A dictionary attack should in theory be faster than a crunch bruteforce attack, this would be due to crunch generating every possible combination.
    A crunch bruteforce attack will generate lots of useless passwords, eg: 3333333333 aaaaaaaaaa abcabcabc1 and so on.

  3. #3
    Join Date
    2014-Jan
    Posts
    6
    would someone be willing to give me a link to a test CAP/pcap file (with actual password to test). I currently don't have the hardware /aka wireless card to follow the tutorials with. I just want to test the times/mess with it with different programs/etc.

    Thank you.

  4. #4
    Join Date
    2014-Jan
    Posts
    6
    slim thanks for the reply.. I know a dictionary attack is usually faster because it is limited in what it may have compared to EVERY single combination, however thats what I want to know. Is it faster to let crunch PIPE it to aircrack or if a PRE-COMPUTED file with all combinations would be faster. Again the both would have the same values, just one is computed on the fly and the other is in file(s).

  5. #5
    Join Date
    2013-Oct
    Posts
    321
    Quote Originally Posted by Kalinoob View Post
    slim thanks for the reply.. I know a dictionary attack is usually faster because it is limited in what it may have compared to EVERY single combination, however thats what I want to know. Is it faster to let crunch PIPE it to aircrack or if a PRE-COMPUTED file with all combinations would be faster. Again the both would have the same values, just one is computed on the fly and the other is in file(s).
    I believe PRE-COMPUTED file would be faster than piping it.
    I believe the reason for this is because of the way crunch creates its wordlists, what crunch generates and what it outputs are different.
    I mean it will still generate a value even if it doesn't output it due to the user using a filter.
    I'm not doing to good explaining I know LOL, but I hope you get what I'm trying to say. LOL

    I could be wrong about that so please dont hold me to it, maybe someone else with more insight could provide better info.
    Last edited by slim76; 2014-01-05 at 00:03.

  6. #6
    Join Date
    2013-Mar
    Location
    http://rastamouse.me
    Posts
    86
    A pre-computed table is orders of magnitude quicker than a brute-force or dictionary attack. Though as you may know, the SSID is used as a seed in WPA key encryption. There are tables already available for common / default SSIDs for routers (e.g. belkin54, netgear, dlink etc etc) which have been generated from large wordlists, but they are very large in file size.
    OSCP
    --
    If it smells like a duck, walks like a duck and quacks like a duck; then it probably is a duck.

  7. #7
    Join Date
    2014-Jan
    Posts
    6
    thanks..for the responses.

Similar Threads

  1. Brute Force Router Password??
    By black_box in forum General Archive
    Replies: 10
    Last Post: 2015-09-21, 11:06
  2. Replies: 2
    Last Post: 2013-10-23, 22:17
  3. Hydra FTP and SSH Brute Force SLOW
    By mojo0254 in forum General Archive
    Replies: 4
    Last Post: 2013-08-01, 17:12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •