If my WiFi (WPA2) is safe against rockyou.txt , can I assume I'm safe?

>there's "oppaibakemono" in rockyou.txt
>there's not "oppai"

So the only way to get hacked would be that some skiddy have a dictionary containing my password?
My router also has WPS activated (a quick Google search said that wps prevents an intruder to crack my password without a dictionary

>15 characters long

It needs to be 16+ for good security

WPS is really fucking bad for your security.
scotthelme.co.uk/wifi-insecurity-wps/

Source? How adding a 0 at the end of my password will making it substantiality stronger?

Then why does it comes enabled by default on most routers?

>Then why does it comes enabled by default on most routers?
Because most router manufacturers are retards and prioritize ease of use over security.

>most router manufacturers are retards
Indeed. See also: WEP.

doesn't wpa2 need 8 chars? sorry no effort to look it up

>think up
>thinking password lists are made by people thinking about what the password could be
wew

>Are there "classic" dictionaries to test my password against?
of course not, many dictionaries exist, and dictionaries used in practice tend to be pretty big
15 completely random characters is fine.
assuming digits+lowercase letters, that's 36^15 which is ~ 10^23.
at 10^10 guesses per second(~1000$ worth of GPU's) that's 300 years.

On this note, I remember snowden saying
>assume your adversary is capable of a trillion guess per second
Was he memeing or was this realistic?

try rockyou plus the top 64 rules that come by default with hashcat. Most people will try at least that if they actually want your wifi.

But that's literally exactly how the dictionary attack responsible for producing the list worked.

sagitta.pw/hardware/gpu-compute-nodes/brutalis/
~19k$, 0.2b hashes/second for md5
gtx 1080 does 25b MD5, so 40 of those will get you a trillion guesses a second for MD5. Not exactly a lot for a state actor.

>How adding a 0 at the end of my password will making it substantiality stronger?
The number of possible combinations for a password is
C^L
>C = number of characters in the set you're using
>L = length of password

Adding one more character makes it exponentially harder. Literally.

An 8 character password composed of lowercase letters (26 possible characters), uppercase letters (26 possible characters), and numbers (10 possible characters) will have a total possible combination of ~218 trillion combinations.
A computer guessing one billion passwords with that character set per second would take less than 3 days before it has hashed every single possible combination of uppercase, lowercase, and numbers up to 8 characters. No need for a dictionary attack here.

A 9 character password in the same ruleset would take a computer with one billion guesses per second ~160 days to guess every single possible combination for that characterset up to 9 characters. Could still get by without using a dictionary attack

To guess all possible combinations for 10 characters and under, it would take that computer 27 years. Have fun.

plenty of plaintext password dumps exist, the rest are variations automatically created by software(add numbers at the end or anywhere inbetween, replace letters with numbers(i. e. p4ssw0rd)) which sucessfully cracked a hash. These generated variations get added to the wordlist if they matched a password hash. Other sources of wordlists include lists of words in various languages etc. A good way of creating such a list is to scrape wikipedia for every word used. As for smaller wordlists, take a big dump with a few million cracked passwords and simply take the most common 1000 or 2000 or whatever passwords from that to get a very good list.

Yes

What computer could guess one billion passwords per second?

An enthusiast gaming PC doing pure bruteforce.

Is there a basis to your number or is it just a wild guess?

An nvidia titan x is capable of doing around 10 billion per second

Turn off WPS

It's a wild guess based on not understanding how password hashing works.

Here's a benchmark showing up to 200k-400k WPA2 passwords per seconds on a capable gaming PC:
crackingservice.com/?q=node/20

Thank you, that's what I was looking for

my wifi password is "somethingiwillnevertellanyonenotevenmyfamilyyoucheapshit"

the joke of course is that I tell it to anyone who asks for it.

>If my WiFi (WPA2) is safe against rockyou.txt , can I assume I'm safe?
Wtf no

>What are wordlists I should assure I'm safe against?
If you think your password may appear in a wordlist you're already fucked

>An nvidia titan x is capable of doing around 10 billion per second
with md5, maybe

stop spreading misinformation, password cracking has significantly evolved. it's not just dumb bruteforce anymore, digits at the end are very common and specifically added to what's found in wordlists(i. e. my wordlist contains "gentoo", "gentoo0", "gentoo1", etc. will be checked)
and at least get your math right.
8 random characters is ~2 trillions.
10 random characters is 10^36 which is ~3.6*10^15. at 1b(10^9) guesses/second that's 3.6*10^6 seconds, or ~1000h(roughly 40 days).
gtx 1080 does 25b for MD5, 970 10b

>(i. e. my wordlist contains "gentoo", "gentoo0", "gentoo1", etc. will be checked)
to clarify: if my wordlist contained "gentoo", you would usually check for "gentoo0", "gentoo1" etc. along with other common transformations such as "g3ntoo", "gent00", "g3n700" etc.

>10 random characters is 10^36
That's backwards
>8 random characters is ~2 trillions.
The character set was 62 not 36

It was also just meant to demonstrate how shorter passwords aren't even worth a sophisticated attack, but you're right, it's not really relevant. It's not like a cracker knows how long your password is going to be before they crack it.

329048945287datyeKk5243

This is my WiFi password, I changed one character though. Is it secure?

>not using WPA2-Enterprise
EAP/802.1X is trivial to set up these days.

>hurr I have to safeguard my cheap router from decryption by the NSA
>hurr let me plug it into a modem from an American telecom company and an American ISP

m8, NSA owns backdoors in all CPU architectures. It's to protect it from leeching chinks and niggers.

looks reasonably secure i guess
is there a pattern to the number? (e. g. telephone number etc.)

>by the NSA
But nobody in here said that. A more likely risk is somebody wardriving

Yeah it's not bad. If you feel like it, a couple symbols added in couldn't hurt.

Boskhfidjbxiwjbxhtjksjbdj4781955817735

And I change it for every account.

>capital at the beginning and number at the end
it's like you WANT to get hacked

>not having a password in latin and romance language

Arabic seems nice too. My Wi-Fi password is wadarbul_qitali

stop making posts matthew knight

get a fucking job

>i have no idea what im talking about

>2 words
too few.

capitalising a letter and adding a number at the end isn't going to make an insecure password secure. But a secure password won't somehow become insecure if you do this either.
Example: implyinginstallgentoo->Implyinginstallgentoo3

>two words existing in every dictionary + very popular password
>secure

WPA2 EAP-TLS or bust