Hi all, I may be wrong here, but I don't have a debugger to hand on the laptop I've got so I'm relying on manual code inspection! So, the (possibly dumb) question is, is my brain fried, or does the WPA wordlist crack, in the WaveNetWPACrack.m method WaveNet(WPACrackExtension), skip 8-character words in the wordlist? First it takes the length of the string read from the file (including the linefeed at the end), then knocks one off to get the length of the word. Then it sets a null terminator by "wrd[i--] = 0;", thus decrementing the length again. The result is that with an 8-character word, i ends up as 7. Then we exclude the word from the crack because it's too short (if (i < 8 || i > 63) continue;) I spotted this by trying to crack a known 8-character WPA password using a short wordlist which definitely included the password, and having it fail, so I may be jumping to conclusions but if someone could double-check my working, I'd appreciate it. Once I finally get back home, I'll have a proper look myself, but I thought I'd mention it here in case I forgot! Cheers, Matt -- This message has been scanned by a team of highly-trained virus-spotting monkeys from Peru.