Print 65 comment(s) - last by Oregonian2.. on Jan 19 at 2:35 AM

  (Source: Elcomsoft)
Make sure your WPA/WPA2 passwords are good ones

GPU-powered general-purpose computing is causing all sorts of security nightmares these days, and wireless access points secured with WPA seem to be the latest victim. Elcomsoft, of “Advanced eBook Processor” fame, released a proprietary WPA/WPA2-PSK cracker that uses GPUs to brute force passwords in record time.

Elcomsoft claims its software can try almost 16,000 passwords per second (p/sec) with a single Radeon HD 4870, using an “advanced dictionary attack” that mutates entries from a master wordlist. Advanced hardware, such as the NVIDIA Tesla S1070 GP-GPU, raises the password rate to more than 52,000 p/sec – compared to an Intel Core 2 Quad Q6600 CPU, which clocks at 1,100 p/sec.

The program, known as the “Elcomsoft Wireless Security Auditor”, claims it was designed for network administrators and IT personnel seeking to audit internal security, as well as external penetration testers and other “white hat” hackers.

While brute-force and dictionary attacks are nothing new, Wireless Security Auditor appears to be one of the most efficient solutions available. To work, it requires a tcpdump-formatted communications dump with at least one handshake packet. Elcomsoft says all processing is done off-line, and is completely transparent to the targeted network.

HotHardware notes that the way Elcomsoft phrases its “proprietary” dictionary engine most likely means that it doesn’t use third-party programming interfaces such as OpenCL, CUDA, or Stream.

Despite the massive improvements in scalability and processing power that GPUs offer compared to regular CPUs, a full-scale brute-force attack against all but the weakest of WPA passwords is still infeasible – the amount of time required to brute-force a 10-digit password, assuming the entire ASCII character set and the same password rate, would still take a Radeon HD 4870 over 2 trillion years. Even with optimizations – such as narrowing the possibilities down to 0-9 and the upper/lower cases of the English alphabet – the number of GPUs required to crack it within a year lies in excess of 1.6 million.

Elcomsoft lists Wireless Security Auditor for $1,199, however the software it is currently priced at $599.99 until March 1, 2009.

Late last year, security researchers announced that they were able to break weak SSL certificates using the computing power of 200 PlayStation 3s over a handful of weekends. The attack only applied to SSL certificates signed with an MD5 hash, as opposed to the more-secure SHA1 or SHA2 algorithms, but its effects are devastating: once cracked, the attacker can impersonate the certificate signing authority and generate fully trusted SSL certificates for any domain, for any browser that trusts certificates signed with MD5.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Strong passwords...
By Tsuwamono on 1/16/2009 8:38:06 AM , Rating: 0
I do that and i store it on a jump drive in my house. They would have to break into my house to steal the jump drive. Good luck with that when i have a dog in the house. Nobody would be stupid enough to try to rob me when they look in and see Katanas on the walls and a dog dish 3 times the size of a humans bowl lol.

RE: Strong passwords...
By ebakke on 1/16/2009 9:23:36 AM , Rating: 5
Good luck with that when i have a dog in the house.
Where did you get your bulletproof dog? I'd like one myself.

RE: Strong passwords...
By George Powell on 1/16/2009 9:39:58 AM , Rating: 2
Don't need to harm the dog, just bring 3 tins of dog food.

As an aside, those strong passwords are great for securing WPA networks, however for general purpose security they are not particularly practical.

RE: Strong passwords...
By on 1/16/09, Rating: -1
RE: Strong passwords...
By dflynchimp on 1/16/2009 9:29:06 PM , Rating: 1
a new account?! oh you have to be kidding me...

RE: Strong passwords...
By Chocobollz on 1/16/2009 9:33:53 PM , Rating: 2
Yeah and next time he will make some id like 'PLAYSTATION THREE 6 0' and he will start screaming, hahahaha!

RE: Strong passwords...
By Dark Legion on 1/17/2009 12:39:31 AM , Rating: 2
Yeah, this time its -1 ratings all the way! No more -.96 for him.

RE: Strong passwords...
By Chocobollz on 1/16/09, Rating: -1
RE: Strong passwords...
By jlips6 on 1/18/2009 5:49:50 PM , Rating: 1
all fighting is conceptualized. Anything stating: "then, I'll ..." is completely worthless.

RE: Strong passwords...
By FITCamaro on 1/16/2009 10:05:19 AM , Rating: 5
Actually I think the katanas on the wall would make it more likely they'll rob you. Typically geeks are into those things.

RE: Strong passwords...
By Murloc on 1/16/2009 3:21:49 PM , Rating: 2

RE: Strong passwords...
By ZmaxDP on 1/16/2009 12:01:35 PM , Rating: 5
Are you suggesting that you've trained your dog to use Katanas? I must admit, if I broke into your house and a 100+ pound dog came charging after me on his hind legs wielding dual Katanas with his front paws, I'd get the F out of there because clearly something freaky was going on...

RE: Strong passwords...
By ZmaxDP on 1/16/2009 12:02:14 PM , Rating: 4
Come to think of it, it would be even weirder if it was a 6 pound Chihuahua...

RE: Strong passwords...
By Kugar on 1/16/2009 3:31:37 PM , Rating: 2
Teenage Mutant Ninja Dogs?

RE: Strong passwords...
By achintya on 1/16/2009 3:41:59 PM , Rating: 2
I was literally laughing my ass off after reading this comment!

RE: Strong passwords...
By semo on 1/17/2009 7:46:25 AM , Rating: 2
I was literally laughing my ass off

what does that even mean... or look like?

will security become meaningless when/if qubit computers become reality?

RE: Strong passwords...
By radializer on 1/16/2009 5:01:48 PM , Rating: 2
I'm trying really hard not to burst out laughing and shock the denizens of my cubefarm

The post deserves a 6 for pure comic value!

"If you mod me down, I will become more insightful than you can possibly imagine." -- Slashdot

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki