* [Blog](https://www.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com/blog/corporate/)
* [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/)
* State of the Art in WPA/W...

# State of the Art in WPA/WPA2 Passphrase Cracking -- Part 2

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2013%2F10%2Fstate-art-wpawpa2-passphrase-cracking-part-2%2F)  
[](https://twitter.com/share?text=State+of+the+Art+in+WPA%2FWPA2+Passphrase+Cracking+%E2%80%93+Part+2&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2013%2F10%2Fstate-art-wpawpa2-passphrase-cracking-part-2%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com%2Fblog%2F2013%2F10%2Fstate-art-wpawpa2-passphrase-cracking-part-2%2F&title=State+of+the+Art+in+WPA%2FWPA2+Passphrase+Cracking+%E2%80%93+Part+2&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com/blog/2013/10/state-art-wpawpa2-passphrase-cracking-part-2/&ts=markdown)  
\[\](mailto:?subject=State of the Art in WPA/WPA2 Passphrase Cracking – Part 2)  
Link copied  
By [Brian Tokuyoshi](https://www.paloaltonetworks.com/blog/author/brian/?ts=markdown "Posts by Brian Tokuyoshi")  
Oct 10, 2013  
4 minutes  
[Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown)

As stated [in the previous entry to this series](https://www.paloaltonetworks.com/blog/2013/09/state-of-the-art-in-wpawpa2-passphrase-cracking-part-1/?ts=markdown), we discussed that the techniques to discover a plaintext passphrase for a wireless network is done by making a series of educated guesses. The least desirable approach towards this work is a brute force attack, namely trying to guess every single possible combination. That's because that brute forcing, while effective, may not be computationally feasible with available resources.

So the approach that many take is to use a methodical set of guesses to the passphrase before using a brute force as a last resort. The start of the attack typically uses a dictionary to come up with a set of words that might be possibly used in the guesses. These words might be used directly out of the dictionary (say a word like pomegranate), or a set of rules may be applied to modify the words to try different combinations.

A typical set of rules would try capitalizing different parts of the word, and seeing how that worked. For the example with pomegranate, one might also try "Pomegranate", "pOmegranate", "poMegranate", and so on. Another set of rules might try adding various numbers to the passphrase, such as putting a single digit within the word, then a double digit, and so on.

Both the dictionaries and the rules used in the past were crude by today's standards. These lists might be ways that people used passphrases, but it still wasn't effective against the passphrases that were not in the dictionary. Without a feedback loop to link the real world with the theoretical world, it was still an imprecise measure of guessing, and while weak passwords were easily broken, the strong passwords were not.

In recent years, there has been a renaissance in password cracking. Efforts to go after databases of usernames led to a large trove of unencrypted passwords. With a growing list of real world passphrases in hand, researchers now have data on how to build more accurate word lists and rules based on research rather than theory, thus improving the accuracy of the guesses and reducing the time spent on combinations that are unlikely to yield good results.

For instance, when asked to add a set of numbers to the passphrase to add complexity, the number would often be the two digits or four digit representation of the year they were born. Thus instead of having to try adding every single number from 0000-9999 in a four digit guess, it's far more useful to focus on the hundred digits between 1900-2000. This single rule would reduce the number of guesses by a hundredfold. Given enough computing power, one could try all combinations, but better rules made better use of the available resources by performing best guesses first.

With wireless networks, it turns out there are also additional rules to make the guesses more accurate. Entering special characters is not very easy with a mobile device, and even entering capital letters can be trying. As a result, people tend to choose passphrases that stick to one keyboard mode. For instance, the wireless passphrase is likely going to be all lowercase rather than upper/lowercase. Since WPA/WPA2 passphrases must be a minimum of 8 characters, many people will use their phone number as a passphrase so that 8+ characters could be entered from a single keyboard mode.

In addition to the improvements in passphrase word lists and rules, yet another set of developments led to massive improvements in passsphrase recovery: improvements in technology. I'll cover this topic in my next entry.

Meanwhile, if you're interested in the art of passphrase attacks, there is a lot of great coverage on Ars Technica. See the article, "[Why Passwords Have Never Been Weaker, and Crackers Have Never Been Stronger](http://arstechnica.com/security/2012/08/passwords-under-assault/)" for more insights.

*** ** * ** ***

## Related Blogs

### [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Look What's Riding Your Network](https://www.paloaltonetworks.com/blog/2018/02/look-whats-riding-network/)

### [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown), [Service Providers](https://www.paloaltonetworks.com/blog/category/service-providers/?ts=markdown)

[#### Mobile Network Operators: Boost Value with the Safest Network](https://www.paloaltonetworks.com/blog/2017/03/mobile-network-operators-boost-value-safest-network/)

### [Application Advisory/Analysis](https://www.paloaltonetworks.com/blog/category/application-analysis/?ts=markdown), [Malware](https://www.paloaltonetworks.com/blog/category/malware-2/?ts=markdown), [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown), [Threat Advisories - Advisories](https://www.paloaltonetworks.com/blog/category/threat-advisories-advisories/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown), [Unit 42](https://unit42.paloaltonetworks.com)

[#### Chinese Taomike Monetization Library Steals SMS Messages](https://www.paloaltonetworks.com/blog/2015/10/chinese-taomike-monetization-library-steals-sms-messages/)

### [Distributed Enterprise](https://www.paloaltonetworks.com/blog/category/distributed-enterprise/?ts=markdown), [Mobility](https://www.paloaltonetworks.com/blog/category/mobility/?ts=markdown), [Threat Prevention](https://www.paloaltonetworks.com/blog/category/threat-prevention-2/?ts=markdown)

[#### Reusable Mobile App Libraries Introduce Reusable Security Issues](https://www.paloaltonetworks.com/blog/2014/07/reusable-mobile-app-libraries-introduce-reusable-security-issues/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language