Print 65 comment(s) - last by Oregonian2.. on Jan 19 at 2:35 AM

  (Source: Elcomsoft)
Make sure your WPA/WPA2 passwords are good ones

GPU-powered general-purpose computing is causing all sorts of security nightmares these days, and wireless access points secured with WPA seem to be the latest victim. Elcomsoft, of “Advanced eBook Processor” fame, released a proprietary WPA/WPA2-PSK cracker that uses GPUs to brute force passwords in record time.

Elcomsoft claims its software can try almost 16,000 passwords per second (p/sec) with a single Radeon HD 4870, using an “advanced dictionary attack” that mutates entries from a master wordlist. Advanced hardware, such as the NVIDIA Tesla S1070 GP-GPU, raises the password rate to more than 52,000 p/sec – compared to an Intel Core 2 Quad Q6600 CPU, which clocks at 1,100 p/sec.

The program, known as the “Elcomsoft Wireless Security Auditor”, claims it was designed for network administrators and IT personnel seeking to audit internal security, as well as external penetration testers and other “white hat” hackers.

While brute-force and dictionary attacks are nothing new, Wireless Security Auditor appears to be one of the most efficient solutions available. To work, it requires a tcpdump-formatted communications dump with at least one handshake packet. Elcomsoft says all processing is done off-line, and is completely transparent to the targeted network.

HotHardware notes that the way Elcomsoft phrases its “proprietary” dictionary engine most likely means that it doesn’t use third-party programming interfaces such as OpenCL, CUDA, or Stream.

Despite the massive improvements in scalability and processing power that GPUs offer compared to regular CPUs, a full-scale brute-force attack against all but the weakest of WPA passwords is still infeasible – the amount of time required to brute-force a 10-digit password, assuming the entire ASCII character set and the same password rate, would still take a Radeon HD 4870 over 2 trillion years. Even with optimizations – such as narrowing the possibilities down to 0-9 and the upper/lower cases of the English alphabet – the number of GPUs required to crack it within a year lies in excess of 1.6 million.

Elcomsoft lists Wireless Security Auditor for $1,199, however the software it is currently priced at $599.99 until March 1, 2009.

Late last year, security researchers announced that they were able to break weak SSL certificates using the computing power of 200 PlayStation 3s over a handful of weekends. The attack only applied to SSL certificates signed with an MD5 hash, as opposed to the more-secure SHA1 or SHA2 algorithms, but its effects are devastating: once cracked, the attacker can impersonate the certificate signing authority and generate fully trusted SSL certificates for any domain, for any browser that trusts certificates signed with MD5.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Security question
By lemonadesoda on 1/16/2009 10:08:49 AM , Rating: 2
The key issue here (lol) is that the hacker has "sniffed" a packet or two of data. Using this data, the algorithm uses brute force methods to decypher. Once decyphered, it THEN attacks (spoofs to) the router.

The hacker does NOT attempt trail password combinations to the router directly. It only connects to the router AFTER is has the solution.

RE: Security question
By AlexWade on 1/16/2009 11:59:34 AM , Rating: 2
Let me see if I understand you correctly: I, a hacker, intercepted some wireless data, but encrypted. I know what encryption is because, well, Windows will tell what encryption is used if nothing else is used. So then I use my computer to brute-force break intercepted data on my machine. Is that correct?

That leads me to another question, how do you know that you broke the encryption?

RE: Security question
By TomCorelis on 1/16/2009 2:04:23 PM , Rating: 2
Correct. Johnny Hacker will need to use his laptop to sniff some data from your network. Then, he will have to go home and run the data against his software, presumably on a machine with a GPU or three.

Regular TCP/IP communications follow a standard protocol. I'd guess that the program knows that its cracked once it can recognize the protocol... otherwise its just looking at more random data.

RE: Security question
By Oregonian2 on 1/16/2009 3:04:23 PM , Rating: 2
Doesn't the encryption key change every half hour or so in WPA2, or is that something else.

RE: Security question
By TomCorelis on 1/17/2009 3:07:14 AM , Rating: 2
Not in -PSK implementations. PSK = "Pre-Shared Key"

"This is about the Internet.  Everything on the Internet is encrypted. This is not a BlackBerry-only issue. If they can't deal with the Internet, they should shut it off." -- RIM co-CEO Michael Lazaridis

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki