The question about why don’t we brute force WPA PSK’s (Pre Shared Keys) comes up a lot. The current technologies available do not allow for WPA/WPA2 PSK’s to be brute forced in a reasonable amount of time. Below I show specific numbers that can help anyone understand why brute forcing WPA passwords is near impossible at this point. So if you cannot brute force WPA PSK’s the most reasonable attack against WPA PSK’s is a dictionary attack which means that you create a list of character combinations that are more likely to be used than other character combinations. In fact the wordlist we offer for WPA PSK cracking on is currently over 1.5 billion combinations that vary in length from 8 to 20 characters. We believe our wordlist to be one of the most if not the most extensive wordlists available on the Internet. This is a wordlist that purehate started building over 5 years ago and that we have put a lot of time into over the past couple of years. Passwords and how people generate passwords are something that we both continue to learn more about and we use that knowledge to fine tune our wordlist on a regular basis. Take a look below at the hard numbers.

Brute Force & Dictionary Attacks Against WPA/WPA2 PSK’s:

WPA pre shared keys must be 8 characters in length so when combined with the 94 possible characters that can be used in WPA pre shared keys there are over six quadrillion combinations. Below are the rough times associated with running through all of the possible combinations in a eight character WPA PSK. Information is provided for brute forcing WPA PSK’s using CPU’s which would be the typical end user, brute forcing WPA PSK’s using GPU’s or the processors found in graphics cards, dictionary attack against WPA PSK’s using CPU’s, and dictionary attack against WPA PSK’s using GPU’s. The numbers for dictionary attacks use our 1.5 billion combination wordlist as the number of possible combinations.

Crack WPA PSK Using Brute Force With CPU’s:

  • Possible Combinations: 6,095,689,385,410,820
  • Seconds: 3,047,844,692,705
  • Minutes: 50,797,411,545
  • Hours: 846,623,525
  • Days: 35,275,980
  • Years: 96,646

Crack WPA PSK Using Brute Force With GPU’s:

  • Possible Combinations: 6,095,689,385,410,820
  • Seconds: 1,9049,029,329 seconds
  • Minutes: 317,483,822 minutes
  • Hours: 5,291,397 hours
  • Days: 220,474 days
  • Years: 604 years

Crack WPA PSK Using Dictionary Attack With CPU’s:

  • Possible Combinations: 1,500,000,000
  • Seconds: 750,000
  • Minutes: 12,500
  • Hours: 208.34
  • Days: 8.68

Crack WPA PSK Using Dictionary Attack With GPU’s:

  • Possible Combinations: 1,500,000,000
  • Seconds: 4,687
  • Minutes: 78.2
  • Hours: 1 hour 18.2 minutes

Hopefully the raw numbers above help explain not only explain why dictionary attacks are used against WPA PSK’s versus brute forcing WPA PSK’s and the value of using our service versus attempting to crack a WPA PSK using your home computer.

It should also be noted that many Nvidia or ATI graphics cards that come installed on standard computers can be used however they are still much slower than the higher end graphics cards. There is also a lot of value in our wordlist that started out over 5 years ago and is fine tuned on a regular basis.

Tags: , , , , , , , ,
Leave a Reply