Brute Force vs. Dictionary

[Kalinoob]

I want to know if per-computing all possible combinations in a range would be faster than brute forcing on the go... I know that with WPA\WPA2 you have to still run it through with the SSID, so what would be the difference between just running crunch with all possible combinations or "files" of all possible combinations where it just has to load the files/run the algorithm...

thanks..

[slim76]

A dictionary attack should in theory be faster than a crunch bruteforce attack, this would be due to crunch generating every possible combination.
A crunch bruteforce attack will generate lots of useless passwords, eg: 3333333333 aaaaaaaaaa abcabcabc1 and so on.

[Kalinoob]

would someone be willing to give me a link to a test CAP/pcap file (with actual password to test). I currently don't have the hardware /aka wireless card to follow the tutorials with. I just want to test the times/mess with it with different programs/etc.

Thank you.

[Kalinoob]

slim thanks for the reply.. I know a dictionary attack is usually faster because it is limited in what it may have compared to EVERY single combination, however thats what I want to know. Is it faster to let crunch PIPE it to aircrack or if a PRE-COMPUTED file with all combinations would be faster. Again the both would have the same values, just one is computed on the fly and the other is in file(s).

[slim76]

slim thanks for the reply.. I know a dictionary attack is usually faster because it is limited in what it may have compared to EVERY single combination, however thats what I want to know. Is it faster to let crunch PIPE it to aircrack or if a PRE-COMPUTED file with all combinations would be faster. Again the both would have the same values, just one is computed on the fly and the other is in file(s).

I believe PRE-COMPUTED file would be faster than piping it.
I believe the reason for this is because of the way crunch creates its wordlists, what crunch generates and what it outputs are different.
I mean it will still generate a value even if it doesn't output it due to the user using a filter.
I'm not doing to good explaining I know LOL, but I hope you get what I'm trying to say. LOL

I could be wrong about that so please dont hold me to it, maybe someone else with more insight could provide better info.

[rastamouse]

A pre-computed table is orders of magnitude quicker than a brute-force or dictionary attack. Though as you may know, the SSID is used as a seed in WPA key encryption. There are tables already available for common / default SSIDs for routers (e.g. belkin54, netgear, dlink etc etc) which have been generated from large wordlists, but they are very large in file size.

[Kalinoob]

thanks..for the responses.