11:36 Bill B. states that WPA2 is no longer fit for purpose. I got hold of KALI, captured the 4 way handshake on my my WPA2 home network and tried to crack the password, I gave up after 24 hours. WPA2 is not as bad as he is saying.
It is well known that the four-way handshake is weak, and needs to be replaced. The strength all depends on the rules used in Hashcat. If the password is in a dictionary or has simple rules applied (such as adding a numeric value at the end), it can be cracked in a fairly short time. PBKDF2 will give a throughput of a few thousand passwords tried every second on a simple processor, but that can increase to over 400,000 hashes per second using a GPU. miro.medium.com/max/2752/0*yQsLhJpVVF2tcPlG If we use a cluster of GPUs we can get this up to millions of tried passwords per second.
@@BillBuchanan There are 95 printable characters in ASCII. The number of different 10 character random password is 95 to the power 10 = 6 * 10 to the 19 = 46 million years at 1 million tries per second = reasonably secure I believe
@@An.Individual Given the fact that most people use very simple / insecure passwords, a simple dictionary attack or the use of precomputed rainbow tables can crack the password pretty easily for WPA2 Personal. Pure brute force attacks are seldom used today to crack any kind of passwords. This is why SEA / Dragonfly is used for WPA3 as it helps bring a higher security even if the password is weak.