Hello,

I was wondering what the most amount of time you would allocate during a pen test to bruteforcing?  As an example, if you discover a vpn router and are able to catch the handshake, what's a reasonable amount of time to spend bruteforcing the PSK?  What about if you get ahold of the hashes on a box?

Thanks in advance.

just turn on the brute forcer and continue with other things. it it comes up with a password focus on it again, if not report that you tried and did not come up with results within the allocated time. Remember to state that it is not a guarantee that the VPN is safe from bruteforcing, and recommend to always use a strong password.

but you take the gamble what they didn't use a strong password.

I ran a dictionary attack first and then let a bruteforcer go for 5 days.  I'm thinking it's not a simple password.  I was just originally curious what would be an acceptable length of time.


lol, thats pretty oudated, even if you do it with your CPU, assuming you use a multi-code. for more information about GPU cracking, read up on this:


Yeah, I'm new I guess, just looking at better ways to work.  Thanks for the link!