InfoSec Write-ups


The World's Longest and Strongest WiFi Passwords

Photo by Compare Fibre on Unsplash

The password hunter2 is on a legendary run, but not today.

What is that, you ask?

It is an infamous password, known to many cybersecurity professionals and often mentioned by its fans.

This blog post, however, is part of one of my weekend projects to answer a few research questions:

  1. What is the longest WiFi password?
  2. What is the most complex WiFi password?

This is going to be a rough one since I can only work with existing public data that doesn’t trace back to anything that identifies people or compromises data privacy.

Top 31Mil — WiFi Passwords Wordlist

I’ve decided to download the Top31Million-probable-WPA.txt wordlist, which contains passwords that are at least 8 characters long but shorter than 40 characters.

Essentially, it is a formatted wordlist of passwords used by routers protected by WPA/WPA2 security.

There’s a similar GitHub repository here that you can utilize to obtain a wordlist to follow through.

The Top31Million-probable-WPA.txt wordlist shown.

There are 30,965,071 entries in the password wordlist that I utilized.

I wrote some lengthy code here that reads a provided wordlist and ranks the Top five (5) longest passwords and Top five (5) complex passwords and outputs the result to a readable file.

A snippet of the Password Ranking Script

The Evaluation Criteria

The script evaluates passwords on simple criteria, which I’ve outlined as:

Complexity Score Calculation

  • Base score: 1 point per character length
  • Character variety bonuses:
      • Uppercase: +5 points
      • Lowercase: +5 points
      • Numbers: +5 points
      • Special characters: +7 points
  • Mix bonus: +3 points per each type mixed (up to +12)

Penalties

  • Repeated patterns: -3 points each
  • Minimum score floor: 1.0
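
The scoring rules above, written out as an added example (this is not the author's ranking-passwords.py). It assumes that a repeated pattern means a run of three or more identical characters and that the mix bonus applies once at least two character types are present; the function names and sample lines are constructed here.

```python
import heapq
import re

# Assumption: a "repeated pattern" is a run of 3 or more identical characters.
REPEAT = re.compile(r"(.)\1{2,}")
# (bonus, membership test) per character class, with the point values listed above.
CLASSES = [(5, str.isupper), (5, str.islower), (5, str.isdigit),
           (7, lambda c: not c.isalnum())]  # last entry: special characters

def complexity_score(password):
    score = float(len(password))                   # base: 1 point per character
    present = [bonus for bonus, test in CLASSES if any(map(test, password))]
    score += sum(present)                          # character variety bonuses
    if len(present) > 1:                           # assumption: a mix needs 2+ classes
        score += min(3 * len(present), 12)
    score -= 3 * len(REPEAT.findall(password))     # -3 per repeated pattern
    return max(score, 1.0)                         # minimum score floor

def _push(heap, item, n):
    """Keep only the n largest distinct (key, password) items in a min-heap."""
    if item in heap:                               # duplicate wordlist entry
        return
    if len(heap) < n:
        heapq.heappush(heap, item)
    elif item > heap[0]:
        heapq.heapreplace(heap, item)

def rank(lines, n=5):
    """One pass over an iterable of lines; memory stays O(n) for any wordlist size."""
    longest, most_complex = [], []
    for line in lines:
        pw = line.rstrip("\r\n")
        if pw:
            _push(longest, (len(pw), pw), n)
            _push(most_complex, (complexity_score(pw), pw), n)
    ordered = lambda heap: [pw for _, pw in sorted(heap, reverse=True)]
    return ordered(longest), ordered(most_complex)

# Constructed sample input (not the 31M-entry wordlist); the last line is a duplicate.
SAMPLE = ["hunter2\n", "supercalifragilisticexpialidocious\n",
          '"><script>alert(1)</script>\n', "aaaaaaaa\n", "Passw0rd!\n",
          '"><script>alert(1)</script>\n']

if __name__ == "__main__":
    for title, ranked in zip(("Longest", "Most Complex"), rank(SAMPLE, n=2)):
        print(f"=== Top 2 {title} Passwords ===", *ranked, sep="\n")
```

Because `rank` accepts any iterable of lines, an open file handle can be passed in directly and the wordlist is never loaded into memory at once.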

Usage

python ranking-passwords.py wordlist.txt --output outdir

In my case, I ran the script as follows:

python ranking-passwords.py Top31Million-probable-WPA.txt --output randomdir

It's working, it's working, it's working.

Now we wait...

The Results

On my system, the script took roughly 15 minutes or less to run. I would also assume that there is room to improve the script’s speed.

The results of this research were rather funny and interesting.

Top 5 Longest Passwords & Top 5 Most Complex WiFi Passwords

The longest WiFi password was supercalifragilisticexpialidocious, while the most complex WiFi password was a fancy JavaScript Cross-Site Scripting payload: "><script>alert(1)</script>

All In All

All in all, the conclusive results from the Top31Million-probable-WPA.txt wordlist, which I used, are as follows:

=== Top 5 Longest Passwords === 
supercalifragilisticexpialidocious
e10adc3949ba59abbe56e057f20f883e
messien22d2e06bea482ab14e65579d6
lowcrawlbda2f65cb61aee399b1e15a8
hubblebcb47fb5bdfc28a8a562af79d0

=== Top 5 Most Complex Passwords ===
"><script>alert(1)</script>
chloro-1-nitrosocyclohexane
2k-wolfgang.guckelsberger
<script>alert(1)</script>
hahk5@somethingtochatwith

The most complex one had to be drafted by a Cyber Genius. HAH!

If you’re testing the script and close or cancel it halfway, no worries. The script updates the output results as it runs, so you will still have something to evaluate if you halt the execution.

Not as trivial as it seems, is it?

What next would you add to these findings?

Happy Researching!


Written by Jason Jacobs, MSc.

I write research-based CyberSecurity content for the beginners and enthusiasts • MSc. Cybersecurity • eCPPT • eWPT • eJPT • Security+ 🧑‍💻
