Today I looked at my default router password and wondered how it is possible that just 20 digits are secure enough for a wifi password. So I decided to try it out and hack my own wifi, and this is what I've learned.
First, my setup for this. My router is an AVM FRITZ!Box with the default 20-digit password you can find on the back, and I followed this tutorial on how to attack a wifi network with Kali and airmon-ng.
Generate a wordlist
After I got my WPA handshake, it was time to crack the password. It shouldn't be that hard, since it is just 20 digits, I thought to myself. So let's write a small Python script that will generate a bunch of numbers that I can go through to crack the password.
My first version of the script started from 10000000000000000000 and just counted up. After about one hour of running the script, half of the numbers were still all 0.
Well, time to adjust my script to make it a bit more intelligent. So I decided to use random numbers between 10000000000000000000 and 99900000000000000000 and also ditched all numbers with 3 equal numbers in a row. I also decided to split the wordlist into chunks of 100k numbers, to be able to run aircrack-ng on smaller files instead of one big one. With my new knowledge, I decided to let my script run overnight, so I wouldn't have to wait until it finished.
After I woke up, I checked my laptop to see how many files it had created, and to my surprise: it was still running?!
The script had created just 10 files, each with 100k entries in it. That is weird, I would've bet this wouldn't take that long.
OK, I've got 10 files with 100k entries and ~2Mb each, and the script was running for about 7 hours. Let's do some quick maths to estimate how much disk space this would take.
Alright, let's calculate the storage I would take up for all the possible numbers counting from ten quintillion (yep, that's the number) up:
((2x10¹⁹)/100000) * 2Mb = 10¹⁴Mb = 100000000TB (one hundred million)
Well, I don't know about you, but I certainly don't have this much storage capacity lying around to store that wordlist on my drive. Even if I did have it, I would need centuries to go through all of them.
Now I know that 20 digits is a fairly strong password. Adding more characters to this would increase the time to crack it even further, and this is why a password with 8 characters containing lowercase, uppercase, special characters and numbers is considered a strong password.
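The keyspace reasoning above, as an added example (not the script from this post): it counts how many 20-digit candidates survive the "no 3 equal digits in a row" filter without generating them, and compares entropy, wordlist size and exhaustive-search time for 20 digits against an 8-character mixed password. The guess rate of one million per second and the 94-symbol character set are assumptions chosen for illustration.

```python
import math

ASSUMED_RATE = 1_000_000  # guesses per second: an assumption, not a measurement
SECONDS_PER_YEAR = 365 * 24 * 3600

def count_without_runs(length, alphabet, max_run=2):
    """Count strings of `length` symbols over `alphabet` distinct symbols in
    which no symbol appears more than `max_run` times in a row."""
    # ending[r] = number of strings so far whose final run has length r + 1
    ending = [alphabet] + [0] * (max_run - 1)
    for _ in range(length - 1):
        total = sum(ending)
        # Start a new run with a different symbol, or extend each run by one.
        ending = [total * (alphabet - 1)] + ending[:-1]
    return sum(ending)

def entropy_bits(keyspace):
    """Bits of entropy of a uniformly random choice from `keyspace` values."""
    return math.log2(keyspace)

def wordlist_bytes(keyspace, length):
    """Size of a plain-text wordlist: one candidate plus a newline per line."""
    return keyspace * (length + 1)

def years_to_exhaust(keyspace, guesses_per_second=ASSUMED_RATE):
    """Worst-case time to try every candidate at a constant guess rate."""
    return keyspace / guesses_per_second / SECONDS_PER_YEAR

def report():
    """Return (name, keyspace, bits, terabytes, years) for each policy."""
    policies = [
        ("20 digits, all", 10 ** 20, 20),
        ("20 digits, no 3 equal in a row", count_without_runs(20, 10), 20),
        ("8 chars from 94 printable ASCII", 94 ** 8, 8),  # assumed charset
    ]
    rows = []
    for name, space, length in policies:
        terabytes = wordlist_bytes(space, length) / 10 ** 12
        rows.append((name, space, round(entropy_bits(space), 1),
                     terabytes, years_to_exhaust(space)))
    return rows

if __name__ == "__main__":
    for name, space, bits, terabytes, years in report():
        print(f"{name:32} {space:.2e} keys  {bits:5.1f} bits  "
              f"{terabytes:.2e} TB  {years:.2e} years")
```

The filter removes only a small fraction of the candidates, so it does not change the order of magnitude of the search.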
Does this mean my wifi is not hackable with a strong password? No, sadly not. There are other ways a hacker can get into your network. For example, I was able to use an evil twin attack on my network to retrieve the password.
You still want to have a strong password, so hackers can't get into your network the easy way!