Comments on: Brute force attacks against WPA/WPA2 using Nvidia cards

By: ZeeLaG

ZeeLaG — Wed, 07 Jul 2010 18:48:49 +0000

ok you can take off the cost that it takes for the Elcomsoft’s software. cause you can get it for FREE!!!! but illegally free. but if you going to get a software the cracks passwords and use it for illegal purposes than what is the point? so just get a good enogh computer with good amout of RAM and a Great GPU and youll set..

Software is always FREE but when it comes to the hardware…. that when you have to PAY!!

By: Orion

Orion — Wed, 04 Mar 2009 13:53:58 +0000

It’s true that right now this is such a big deal,

but what about abut custom build FPGA boards , those are relativley simple to build and should decrease time considarebly??

By: Elcomsoft’s Smoke & Mirrors | The Tech Mango

Elcomsoft’s Smoke & Mirrors | The Tech Mango — Fri, 05 Dec 2008 00:35:53 +0000

[...] one keen commenter pointed out, the reality and sheer mathematics behind it is mind boggling. WPA2 can be 63 characters using [...]

By: Jeff Martens

Jeff Martens — Sun, 19 Oct 2008 18:36:11 +0000

100-fold speed up is just under a factor of 2^7. So this is like reducing a 256 bit key to 249 bits. Not a big deal.

By: windexh8er

windexh8er — Tue, 14 Oct 2008 12:23:10 +0000

Martin,

Basically! Schneier ran a post this morning about it as well. The jist is – weak passwords are weak. The 100 fold increase doesn’t really buy us much, unless minutes are crucial.

–windexh8er

By: Network Security Blog » Doing the math for WPA cracking

Network Security Blog » Doing the math for WPA cracking — Mon, 13 Oct 2008 13:15:33 +0000

[...] I didn’t have the time on Friday to look deeper into the real time requirements to hack a WPA password using Elcomsoft’s new tools. I knew the time needed was considerable, but I didn’t realize exactly how long [...]

By: ElcomSoft ar NVIDIA grafiskaj?m kart?m var uzlauzt WPA un WPA2 wifi t?klus | Pods.lv

Sat, 11 Oct 2008 10:53:22 +0000

[...] V?l šo to intersantu no t?klu droš?bas speci?listiem var palas?t mckeay.net blog?. [...]

By: Martin

Martin — Fri, 10 Oct 2008 21:51:29 +0000

So basically, what you guys are telling me is that unless someone is a complete idiot when it comes to securing their wireless network, this shouldn’t make one whit of difference to them. If they’re an idiot, this still won’t make a difference.

Martin

By: Steve

Steve — Fri, 10 Oct 2008 20:14:08 +0000

Theory:
63 characters using lower case, upper case,numbers,symbols, provides 94 choices for each character. if I use a 63 character password, that 63 character password could be one of 1.9 * 10 ^126 possible choices. If you want to have a 100% chance of brute forcing this key in one year one would still need to execute 6*10^118 trys a second.

Implementation:
It would be faster to attack the 256 bit hash as this only has 1.1*10^77 permutations. So if one could issue 3.6 *10^69 commands per second one could guarantee a break in one year. Lets assume that it takes 10 flops (floating point operations) to test one key. As of August SETI@HOME is executing an average of 150 terra-flops (150*10^12). Therefore one would still need ~ 2.5 *10^56 SETI@HOME projects to break one key in one year.
The most efficient computer uses 2.8 watts per GFLOP. Therefore it would take 2.5*10^59 watts to break one key. Since the average usages of power for all people on the planet is 15 TW we would need 1.5*10^46 times the current power output of the planet to break one key.

I think my key is safe.

By: windex8er

windex8er — Fri, 10 Oct 2008 19:22:36 +0000

Sorry, my bad… Max is 63 characters for WPA!

And here’s another good reference (scroll to the end and read the @$$ covering section if you don’t want to read the other stuff):

http://www.renderlab.net/projects/WPA-tables/

I haven’t seen any of my clients using WPA PSK — so big corporate espionage is relatively unlikely. Most use a PEAP solution from what I’ve seen. If a business is using PSK they better have a darn good reason to be doing so! Considering I won’t even do it at home…