[kismac] (Possibly dumb) question: Wordlist crack missing 8-character WPA passwords?

  • From: "Matt Gibson" <gothick@xxxxxxxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Wed, 07 Feb 2007 14:23:09 +0000

Hi all,

I may be wrong here, but I don't have a debugger to hand on the laptop
I've got so I'm relying on manual code inspection!  

So, the (possibly dumb) question is, is my brain fried, or does the WPA
wordlist crack, in the WaveNetWPACrack.m method
WaveNet(WPACrackExtension), skip 8-character words in the wordlist? 
First it takes the length of the string read from the file (including
the linefeed at the end), then knocks one off to get the length of the
word.  Then it sets a null terminator by "wrd[i--] = 0;", thus
decrementing the length again.  The result is that with an 8-character
word, i ends up as 7.  Then we exclude the word from the crack because
it's too short (if (i < 8 || i > 63) continue;) 

I spotted this by trying to crack a known 8-character WPA password using
a short wordlist which definitely included the password, and having it
fail, so I may be jumping to conclusions but if someone could
double-check my working, I'd appreciate it.  Once I finally get back
home, I'll have a proper look myself, but I thought I'd mention it here
in case I forgot!


This message has been scanned by a team of highly-trained 
virus-spotting monkeys from Peru.

Other related posts:

  • » [kismac] (Possibly dumb) question: Wordlist crack missing 8-character WPA passwords?