wordem


  1. I can tell there are a lot of cracking newbs in this thread and just some newbs in general. Let me save you some time... First off, this is not full of dupes as someone suggested. It had only 300k worth of dupes in it, less than 0.001%. But that doesn't mean this list isn't rubbish, because it is. There isn't a single mixed case word I saw while tailing off samples of it while it was sorting the few dupes it contained. So this list at best is only a "source list", not a cracking list. That means to have "decent" success you'll need to apply rules to it to toggle case. On a list this large the best you're going to do in volume is all lower, upper first character and all upper. If you were focusing on a single network for a long time you could definitely expand it, but nothing like you can do when you can get 28G c/s on MD5. This list is just too big to run a comprehensive ruleset on for WPA, and just using it for source words is pretty bad. I have lists 10% of the size that do 400% better on average. I would call this list more of a list of last resort instead of a first choice. If you're using a CPU then this list isn't for you, just stick with the openwall list or something under 5 to 10M words. Otherwise it will take you several days running nonstop to check the list as-is and you'll be lucky to have more than a 10-20% success rate. Add in just a few rules and you're talking nearly a month. For comparison, I can run this list in around 40 minutes. I get about 400,000 c/s on WPA and 28G c/s on MD5. If you don't have a GPU with fast hashing then stick to a good small list of PWs, not just a big source list of words and such. But this list is bad for a source list for WPA just because of its size, you can't make more than a few mutations from it and still be able to test the results against a large enough sample to learn anything. If you want to do more than just try to crack a single password then you're going to have to do it on GPU.
You'll rarely find someone who is willing to share a list or rules that are working amazingly because it takes a ton of time and work and you lose your edge in competitions and such. To start getting results above 30-40% on WPA you'll need to start doing a lot of testing and analysis. This is the part where it is tough, because WPA is slow. It can take a day just to test 10 handshakes against a few new rules, whereas you could test the same MD5 hashes in under 10 seconds. And 10 handshakes doesn't tell you squat, so even with a cluster of cracking rigs it takes forever to do quantitative analysis on WPA. The solution to this is to stick with MD5. It is not a direct crossover... personal pws and WPA PSK, but the patterns can apply across both. If you find a rule or list working well on MD5 hashes it will likely perform well on WPA. The trick is efficiency, not maximum results when it comes to WPA. So if you have a list/ruleset that finds 30% of the hashes, but is 1000% more efficient (less keyspace) than the one that gets 40%, you sacrifice the 10%, at least initially, and use the rules for the extra 10% at the end. Pyrit is slow, so you're not going to get the numbers from even multiple GPUs that I pull on a single GPU core in HC. And of course aircrack (CPU) might as well be standing still.