NOTE - this is outdated info, read through the topic to see the latest info!
Recently i tried to take a whack at another handshake that i got. I know for sure it uses lower case chars only and is 8 digits in lenght.
doesn't sound much at all, if it would be MD5 hash, i could crack that in less than 30 mins, however PSK or AES encryption is harder to crack + WPA/WPA2 uses AP name to encrypt too.
Here are some test results:
CPU 3.6ghz AMD Black Edition II - 1500p/s - 3500p/s (depending if SSE2 instruction is disabled/enabled)
nVidia GTX 550 Ti SLI - 25000p/s - 27000p/s
These i have tested myself and im 100% sure in speeds.
My friend tested with AMD FX8120 CPU (not sure about ghz) and GTX 680 and got 36000p/s, not so impressive at all for GTX680, i was expecting a lot more.
but then i googled a bit and found some test results using GTX690 and it gets only 65000p/s.
However there is nVidia Tesla k20 which is suppouse to get 85000p/s, now that's impressive.
Galax GTX 980 Hall of Fame Edition pulls an amazing 215000 average (from 196000 - 262000p/s, fluxuating a lot)
so what all these numbers mean, is that using my setup, i can crack 8 digit (lower or UPPER alpha) pass within 3 months max (probably it won't take that long since password is usually found somewhere in middle).
GTX690 could do it within 1 month and k20 in 20 days or so, which is very impressive.
Having a 4 way SLI k20 and you can crack such password in just 5 days, that's dangerously fast.
Lot of routers around here use 8 digit UPPER or lower alpha passwords (not mixed alpha, but only lower or only UPPER).
This is technology that anyone can get their hands on really, so using a cluster, it should be no problem to crack WPA/WPA2 handshakes.
I tested out new EWSA version 5.2.272 and it has awesome option, even tho it doesn't seem to be working.
it can limit the occurance of 1 character in password, for example i don't think that any password contains 1 letter more than 2-3 times.
in that case, total amount of tries would be significantly smaller. I have seen 2 same letters in password, but never 3. well it has another option that can limit how many continuous characters you can have, i wanted to set it on 2.
password can contain some letters like 3 times, like "ACBEAAP" but i don't think any default pass is like "AAABEILN"
So using these rules, it should decrease the total passwords, but it doesn't seem to be working even tho i have selected them.
Need to check into this and see why its acting like that.
at end, it still comes down to the human factor that makes passwords vulnerable. If default password would be strong, there is no way that even any cluster can crack the password.