If my WiFi (WPA2) is safe against rockyou.txt , can I assume

Depends on your password, what is it?

>>57495947
bigjuicyhorsecock69

>>57495947
It's ***************

File: 1470959082037.jpg (28KB, 512x396px) Image search: [Google]

28KB, 512x396px

>>57495947
EataDick6969

>>57495947
*adds to rockyou.txt*

Solusisbestdistro

>>57496024
Safe enough
>>57496027
Not Safe, just one character is not a good password.
>>57496057
Safe enough
>>57496389
Not safe at all, that is the first thing most technically adept people are goung to think up.

To get back to the subject, if my WiFi is not WEP and my password cannot be found in skiddy 101's wordlist, is it safe enough to assume I'm safe?

Are there "classic" dictionaries to test my password against?

I don't want my datacaps to be used in torrenting porn and then struggle for two days without any image larger than 1 Mo being displayed.

>>57495880
>>57496507
Assuming you're using WPA2 with a decent length password, you shouldn't have anything to worry about. In theory.

File: 1447985058979.jpg (78KB, 500x500px) Image search: [Google]

78KB, 500x500px

>there's "oppaibakemono" in rockyou.txt
>there's not "oppai"

>>57496529
So the only way to get hacked would be that some skiddy have a dictionary containing my password?
My router also has WPS activated (a quick Google search said that wps prevents an intruder to crack my password without a dictionary

>>57495880
>15 characters long

It needs to be 16+ for good security

>>57496590
WPS is really fucking bad for your security.
https://scotthelme.co.uk/wifi-insecurity-wps/

>>57496615
Source? How adding a 0 at the end of my password will making it substantiality stronger?

>>57496619
Then why does it comes enabled by default on most routers?

>>57496677
>Then why does it comes enabled by default on most routers?
Because most router manufacturers are retards and prioritize ease of use over security.

>>57496685
>most router manufacturers are retards
Indeed. See also: WEP.

>>57496546
doesn't wpa2 need 8 chars? sorry no effort to look it up

>>57496451
>think up
>thinking password lists are made by people thinking about what the password could be
wew

>>57496507
>Are there "classic" dictionaries to test my password against?
of course not, many dictionaries exist, and dictionaries used in practice tend to be pretty big
>>57496615
15 completely random characters is fine.
assuming digits+lowercase letters, that's 36^15 which is ~ 10^23.
at 10^10 guesses per second(~1000$ worth of GPU's) that's 300 years.

>>57497603
On this note, I remember snowden saying
>assume your adversary is capable of a trillion guess per second
Was he memeing or was this realistic?

>>57495880
try rockyou plus the top 64 rules that come by default with hashcat. Most people will try at least that if they actually want your wifi.

>>57497489
But that's literally exactly how the dictionary attack responsible for producing the list worked.

>>57497738
https://sagitta.pw/hardware/gpu-compute-nodes/brutalis/
~19k$, 0.2b hashes/second for md5
gtx 1080 does 25b MD5, so 40 of those will get you a trillion guesses a second for MD5. Not exactly a lot for a state actor.

>>57496677
>How adding a 0 at the end of my password will making it substantiality stronger?
The number of possible combinations for a password is
C^L
>C = number of characters in the set you're using
>L = length of password

Adding one more character makes it exponentially harder. Literally.

An 8 character password composed of lowercase letters (26 possible characters), uppercase letters (26 possible characters), and numbers (10 possible characters) will have a total possible combination of ~218 trillion combinations.
A computer guessing one billion passwords with that character set per second would take less than 3 days before it has hashed every single possible combination of uppercase, lowercase, and numbers up to 8 characters. No need for a dictionary attack here.

A 9 character password in the same ruleset would take a computer with one billion guesses per second ~160 days to guess every single possible combination for that characterset up to 9 characters. Could still get by without using a dictionary attack

To guess all possible combinations for 10 characters and under, it would take that computer 27 years. Have fun.

>>57497928
plenty of plaintext password dumps exist, the rest are variations automatically created by software(add numbers at the end or anywhere inbetween, replace letters with numbers(i. e. p4ssw0rd)) which sucessfully cracked a hash. These generated variations get added to the wordlist if they matched a password hash. Other sources of wordlists include lists of words in various languages etc. A good way of creating such a list is to scrape wikipedia for every word used. As for smaller wordlists, take a big dump with a few million cracked passwords and simply take the most common 1000 or 2000 or whatever passwords from that to get a very good list.

>>57496781
Yes

>>57498144
What computer could guess one billion passwords per second?

>>57498181
An enthusiast gaming PC doing pure bruteforce.

>>57498203
Is there a basis to your number or is it just a wild guess?

>>57498227
An nvidia titan x is capable of doing around 10 billion per second

>>57495880
Turn off WPS

>>57498181
>>57498227
It's a wild guess based on not understanding how password hashing works.

Here's a benchmark showing up to 200k-400k WPA2 passwords per seconds on a capable gaming PC:
http://www.crackingservice.com/?q=node/20

>>57498292
Thank you, that's what I was looking for

>>57495880

my wifi password is "somethingiwillnevertellanyonenotevenmyfamilyyoucheapshit"

the joke of course is that I tell it to anyone who asks for it.

>>57495880
>If my WiFi (WPA2) is safe against rockyou.txt , can I assume I'm safe?
Wtf no

>What are wordlists I should assure I'm safe against?
If you think your password may appear in a wordlist you're already fucked

>>57498259
>An nvidia titan x is capable of doing around 10 billion per second
with md5, maybe

>>57498144
stop spreading misinformation, password cracking has significantly evolved. it's not just dumb bruteforce anymore, digits at the end are very common and specifically added to what's found in wordlists(i. e. my wordlist contains "gentoo", "gentoo0", "gentoo1", etc. will be checked)
and at least get your math right.
8 random characters is ~2 trillions.
10 random characters is 10^36 which is ~3.6*10^15. at 1b(10^9) guesses/second that's 3.6*10^6 seconds, or ~1000h(roughly 40 days).
>>57498380
gtx 1080 does 25b for MD5, 970 10b

>>57498436
>(i. e. my wordlist contains "gentoo", "gentoo0", "gentoo1", etc. will be checked)
to clarify: if my wordlist contained "gentoo", you would usually check for "gentoo0", "gentoo1" etc. along with other common transformations such as "g3ntoo", "gent00", "g3n700" etc.

>>57498436
>10 random characters is 10^36
That's backwards
>8 random characters is ~2 trillions.
The character set was 62 not 36

It was also just meant to demonstrate how shorter passwords aren't even worth a sophisticated attack, but you're right, it's not really relevant. It's not like a cracker knows how long your password is going to be before they crack it.

329048945287datyeKk5243

This is my WiFi password, I changed one character though. Is it secure?

File: ISHYUDDT.jpg (21KB, 372x362px) Image search: [Google]

21KB, 372x362px

>not using WPA2-Enterprise
EAP/802.1X is trivial to set up these days.

File: 1478801196680.jpg (36KB, 602x475px) Image search: [Google]

36KB, 602x475px

>hurr I have to safeguard my cheap router from decryption by the NSA
>hurr let me plug it into a modem from an American telecom company and an American ISP

File: 1438407863797.png (131KB, 362x343px) Image search: [Google]

131KB, 362x343px

>>57498956
m8, NSA owns backdoors in all CPU architectures. It's to protect it from leeching chinks and niggers.

>>57498899
looks reasonably secure i guess
is there a pattern to the number? (e. g. telephone number etc.)

>>57498956
>by the NSA
But nobody in here said that. A more likely risk is somebody wardriving

>>57498899
Yeah it's not bad. If you feel like it, a couple symbols added in couldn't hurt.

>>57495947
Boskhfidjbxiwjbxhtjksjbdj4781955817735

And I change it for every account.

>>57499280
>capital at the beginning and number at the end
it's like you WANT to get hacked

>not having a password in latin and romance language

Arabic seems nice too. My Wi-Fi password is wadarbul_qitali

>>57495880
stop making posts matthew knight

get a fucking job

>>57499394
>i have no idea what im talking about

>>57499992
>2 words
too few.

>>57499394
capitalising a letter and adding a number at the end isn't going to make an insecure password secure. But a secure password won't somehow become insecure if you do this either.
Example: implyinginstallgentoo->Implyinginstallgentoo3

>>57500464
>two words existing in every dictionary + very popular password
>secure

WPA2 EAP-TLS or bust