techieguy your post is complete and utter bullsh*t..
1. yes there are (26+26+10)^8 theoretical combinations for a WPA/2 passphrase however the owner of the AP may not have been smart enough to change his passphrase to something like Iiss1337 which contains numbers, lower_alpha and upper_alpha and indeed something longer than 6 chars. it is far more likely, due to human tendencies, to choose a password someone can remember, eg a word with only letters in. which we can cover with a dictionary file!
if the dictionary attack fails we have to resort to brute force.
The if someone has bought a router from a specific ISP eg. sky (im from the uk) then the passphrase is guaranteed (if it hasnt been changed) to contain only upper_alpha characters. i am not sure about other ISPs but i think this is true for sky routers/APs. so the poss combinations is "only" 26^8 (in this specific example).
2. its always good when cracking to use a dictionary file first.... cheaper in terms of electricity and computational power... plus i would be kicking myself if i found out that the APs passphrase was "password" (in any dictionary file) after waiting hours by doing a brute force.
3. 500 k/s is very slow... i can usually achieve around 1000 k/s using my 4gb ram and 2ghz processor speed. p/s will get bigger and bigger the more ram and proc. speed you have.
It is poss to use this along with GPU cracking if you have a graphics card (Nvida, Radeon etc) using a program called pyrit. ive seen people achieve speeds of well over 20,000 p/s and you can speed this up further by using cowpatty which uses procomputed hashes of all the passphrases in a list (could be every poss combination) based on a specific APs BSSID/ESID. This reduces the time to hours
also you can pay to have the handshake cracked online (few hours ~$20 last time i checked)
aircrack-ng suite, cowpatty, pyrit, proper penetration-testers and hackers