Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×

GPUs Used To Crack WiFi Passwords Faster 189

MojoKid writes "Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0, which can take advantage of both Nvidia and ATI GPUs. ElcomSoft claims that the software uses a 'proprietary GPU acceleration technology,' which implies that neither CUDA, Stream, nor OpenCL are being utilized in this instance. At its heart, what ElcomSoft Wireless Security Auditor does is perform brute-force dictionary attacks of WPA and WPA2 passwords. If an access point is set up using a fairly insecure password that is based on dictionary words, there is a higher likelihood that a password can be guessed. ElcomSoft positions the software as a way to 'audit' wireless network security."
This discussion has been archived. No new comments can be posted.

GPUs Used To Crack WiFi Passwords Faster

Comments Filter:
  • But brute force-password guessing isn't a problem if you a choose a long enough password with a large enough character set - letters, numbers, symbols. My WPA password is larger than 15 characters. Good luck without a Beowulf cluster of those -- and even then, it better have a LOT of those GPUs.

    • by Anonymous Coward on Thursday January 15, 2009 @08:50AM (#26464725)

      My WPA password is larger than 15 characters.

      Isn't best practice greater than 32 for WPA? The maximum is 63 I believe.

      • I hadn't heard that, but a totally random 63 character password would be ideal, yes. Note that I didn't say how much greater it is than 15. ;) But anything over 15 characters is probably secure enough for most home users.

        • Comment removed (Score:4, Insightful)

          by account_deleted ( 4530225 ) on Thursday January 15, 2009 @09:11AM (#26464973)
          Comment removed based on user account deletion
          • In this case I hope you are paying your team of armed guards well and trust that they won't betray you ;)

            I have a mote populated with sharks -- with friggin' LASER BEAMS attached to their heads!

            • by ShieldW0lf ( 601553 ) on Thursday January 15, 2009 @10:15AM (#26465819) Journal

              Maybe I'm dense, but how the hell does flooding a wireless card with brute force dictionary attacks bottleneck on computation speed? You create your dictionary, once, you stick it on a hard drive, you stream it at your target through the wireless networking card, you wait.

              This product seems like a bunch of bullshit to me. Even if they did come up with some particularly clever algorithm for creating more effective dictionaries and speed it up GPUs, there's no need to recreate a dictionary every time you're doing a brute force attack.

              • by wastedlife ( 1319259 ) on Thursday January 15, 2009 @10:31AM (#26466053) Homepage Journal

                From the product website:

                Elcomsoft Wireless Security Auditor works completely in off-line, undetectable by the Wi-Fi network being probed, by analyzing a dump of network communications in order to attempt to retrieve the original WPA/WPA2-PSK passwords in plain text.

                TFA is misunderstanding the way the app functions, it listens to the network until a certain amount of information has been sent, then attempts to decrypt that data locally. Sending wave after wave of login attempts is easily detectable and would almost certainly bottleneck somewhere at the network level before CPU.

            • Comment removed based on user account deletion
          • by skeeto ( 1138903 )

            No organization on earth is going to be able to brute force a 15 character password (over 98 bits as you mention) made of randomly generated printable ASCII characters. Not for decades.

            Even brute forcing 8 characters (over 52 bits) would require a modestly funded organization. Breaking your WPA key just wouldn't be worth the thousands of dollars to do it. It would be much easier to pick your locks while you are away at work and read the key directly from the router's memory.

            32 randomly generated printable A

          • Strong passwords / keys for WPA is not much of a burden. You only have to enter the damm things once. I use a random 32 character hex string as my key. I wrote it down and stored it in a known location. I also have it stored in an old USB drive in a text file. I have to enter it far more than most people, as I dogfood WIndows releases, flattening my notebook each time. Thus I have to reinitialize it for my home WPA network each time I rebuild it. I am not worrying about brute force attacks against 128 bit k

        • by Ihmhi ( 1206036 )

          I have a question about this. What if the wifi password contains a coherent sentence? Do brute forcers search for specific words in specific orders?

          My old wifi password was:

          yestheydeservedtodieandihopetheyburninhell!1

          Adding some more random symbols and numbers in there would make it stronger, yes. What if it were:

          yes!1they@2deserved#3to$4die%5and^6I&7hope*8they(9burn)0in_-hell+=!<>

          As you can see, I basically hit Shift and went down the number row between the words. There is very much a recogni

          • Re: (Score:3, Interesting)

            by plover ( 150551 ) *

            The old (very old) password cracking programs I've played with allow the user to set up rules to guide guesses. You'd fill out a series of patterns, and if possible base them on passwords you know your target has used in the past. For example, I knew a friend commonly substituted digit 1 for letter i, so added a rule of s/i/1/ to the list of modifications to dictionary words. (I eventually found his password was k3rm1t.)

            Like most things, the answer of "is your security weaker" is "it depends". You ce

            • by Ihmhi ( 1206036 )

              Well, that's an old one. It has no real effect on what my new password currently is. That thing is like... 2 years old?

              The point is, if you didn't know that info - that it's a movie quote, etc. - and you're completely blind, would there really be much of a noticeable difference? Could it be quantified in time necessary to crack it?

              To modify that old "make the other guy die for his country" quote, I don't necessarily want to aim to make my wireless secure, just way more secure than my neighbor's. Why hop ont

    • Re: (Score:3, Interesting)

      by sakdoctor ( 1087155 )

      Since you generally never have to type a WPA key in, might as well go for maximum entropy.

      https://www.grc.com/passwords.htm [grc.com]

      • by Spazztastic ( 814296 ) <spazztastic @ g m a i l.com> on Thursday January 15, 2009 @08:57AM (#26464807)

        Since you generally never have to type a WPA key in, might as well go for maximum entropy.

        https://www.grc.com/passwords.htm [grc.com]

        Or not even using something that is transmitted over the internet and is TRULY random:

        dd if=/dev/urandom bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo

        Credits go to someone from the Stupid (Useful) Linux tricks thread.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          Not to be picky but you would need to use /dev/random and have enough entropy to make this TRULY random (assuming we live in a non-deterministic universe).

        • Re: (Score:3, Informative)

          by AlXtreme ( 223728 )

          Or not even using something that is transmitted over the internet and is TRULY pseudorandom:

          There, fixed that for you.

          • Or not even using something that is transmitted over the internet and is partly pseudorandom:

            There, fixed that for you.

            AFAIK, ive only read a few mans here, but urandom will use all the random avalible in random iff it runs out it will use the PRNG to extend it so both of you are wrong

        • dd if=/dev/urandom bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo

          Don't use that, I use that as a password already!

        • by chill ( 34294 )

          Who are you really and what type of stunt are you trying to pull here!

          chill@E520:~$ dd if=/dev/random bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo

          0+1 records in
          0+1 records out
          8 bytes (8 B) copied, 5.73129 s, 0.0 kB/s
          P

          chill@E520:~$
          chill@E520:~$ dd if=/dev/random bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo
          0+1 records in
          0+1 records out
          8 bytes (8 B) copied, 4.90066 s, 0.0 kB/s
          Qd

          A password of "P"?! Or a password of "Qd"?!!

          [Okay, for those that don't get the humor. The dd command gene

          • by Nutria ( 679911 )

            The dd command generates 200 binary bytes of random data and the tr command strips out the valid password characters.

            So you'd think. But it works for me...

            $ dd if=/dev/urandom bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo
            1+0 records in
            1+0 records out
            200 bytes (200 B) copied, 0.000290517 s, 688 kB/s
            N2^YH+085R!PwMC0VinHSsFP+Zf#GKoyyG#Fs)%QFl9$YOjz$%85dD

            • by chill ( 34294 )

              Ummmm... you missed my comment about random didn't you. The length output by the command is random. Run it 10 times and see what you get.

              Oh, and change the "/dev/urandom" to "/dev/random" for true randomness.

              • /dev/random is the reason you were getting short keys.
                using /dev/urandom about 50 times didnt give any short keys

                if you insist on using /dev/random, not really much point as you can just change your keys if the algorithm is found wanting, then you have to check that there is enough entropy "cat /proc/sys/kernel/random/entropy_avail" before you run it

                • /dev/random is the reason you were getting short keys.

                  Does dd *really* terminate when /dev/random doesn't have enough data to serve? I would have thought that reads on /dev/random would block until it had enough data to serve the request.

              • by Nutria ( 679911 )

                Ummmm... you missed my comment about random didn't you.

                Must have.

                The length output by the command is random. Run it 10 times and see what you get.

                I got some short ones, just like you. Wiggling the mouse juiced up the entropy, though.

        • I prefer this:

          perl -pe 's/[^[:print:]]//g;' </dev/urandom

        • You're not fooling me. You're just interested in discovering the states of our PRNGs!

      • Comment removed (Score:5, Informative)

        by account_deleted ( 4530225 ) on Thursday January 15, 2009 @08:58AM (#26464815)
        Comment removed based on user account deletion
        • Re: (Score:3, Insightful)

          by necro81 ( 917438 )

          I question the wisdom of relying on a third party website to generate passwords for you. At least they are using ssl but how do you know they aren't keeping those passwords? How do you know they are generating them with real entropy?

          If you are worried about it, but still don't want (or for some reason, can't) generate a random character string locally, you could always have the website generate several passwords, then combine them yourself in some random way. For instance, you could swap blocks from eac

          • by evanbd ( 210358 )
            If you're worried about the source or transmission channel being compromised (or malicious) you've just inserted *several* bits of entropy. A good password needs 64 bits or more if you want to protect against this sort of attack. A presumed compromised source of random data supplies zero bits of entropy. This is really something you need to do on your own machine, if not manually. Rolling dice just isn't that hard.
        • "cleftcamsynodlacyyr" How did they guess my PASSWORD!!??!
        • Re: (Score:3, Insightful)

          by radish ( 98371 )

          For something like a WPA passphrase (it's not really the key) the actual amount of "randomness" isn't important provided whatever you use isn't in whatever dictionary the attacker is using. Once the dictionary attack is exhausted they're going to have to move onto simple one-by-one testing, and being "more random" or "less random" has no real meaning. Eventually they'll hit the right one, it's just a matter of how long that takes, which is a matter of luck and what order they test them in :)

          • by evanbd ( 210358 )
            Modern guessers start modifying the dictionary and evaluating things in a prioritized order based on how far away they are from it. Until your password bears no visible relationship to the dictionary, you're too close; it's not just a simple in vs out question. If you care about your password, you need to make a serious evaluation of how many bits of entropy it contains, and assume the attacker can guess in a priority order that will limit its effectiveness to that many bits. If you only have 30 bits of
            • by radish ( 98371 )

              Oh I agree, I think maybe I wasn't clear. Obviously your password has to look *nothing* like anything in the dictionary, that's a given. I was just saying that using one prng vs another slightly more random one won't make a lot of difference. You don't need a cryptographically strong rng for generating a passphrase.

              • That said, a cryptographically strong rng won't hurt. KeePass includes one, and is good for storing all those passwords, /dev/random is one if you just need to generate them. When they're that easy to get and use, why not use one?
        • by rob1980 ( 941751 )
          I question the wisdom of relying on a third party website to generate passwords for you. At least they are using ssl but how do you know they aren't keeping those passwords?

          To what end, though? Gibson is probably too busy trying to scare everybody with latest_security_hole_02782 to bother to hack into your wireless router anyway.
        • by dubbreak ( 623656 ) on Thursday January 15, 2009 @11:57AM (#26467913)

          You can generate them offline and with a good set of dice you get real entropy.

          I think we have a different definition of "good set of dice". My set of dice are "good" if they roll 20's consistently.

        • Re: (Score:3, Insightful)

          by cbiltcliffe ( 186293 )

          I question why the hell anybody needs to have someone/something else generate a random password for them.

          Can't you do it yourself? You've got 5 fingers on 1 hand. You've got a second hand. You've got a keyboard.

          Just go KJNo867f*P7gP*&%o86fv:(O*& for shit's sake.

      • Re: (Score:3, Informative)

        Take anything that Steve Gibson claims with at least a grain of salt, preferably a whole shaker [google.com].

        This is the same person that flat out accused Microsoft of putting the WMF exploit in Windows purposely so they'd have a way to get into any system. He had to backpeddal quickly from that claim.

        Pardon me if I don't trust his judgment or his code.

    • Re: (Score:3, Informative)

      by jellomizer ( 103300 )

      guessmypassword
      123456789111111
      012345

      isn't a good password.
      Most Brute Force attacks are a little smarter then 1,2,3,.....,ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
      Lets go threw the dictionary first (Caps on, Caps Off and caps with the first letter and without it).
      Lets go threw the dictionary and followed by numbers between 0,99999999
      Do the same with the numbers prefix the dictionary word.
      Try Numeric Combinations.
      Try Alpha Combinations.
      Finally try every

      • guessmypassword
        123456789111111
                                            012345

        isn't a good password.

        That's why you gotta read my whole post -- you need letters, numbers and symbols. Mixed case also. My password is also not based on a dictionary word and means something only to me.

        • You need letters, numbers and symbols. Mixed case also.

          If you follow such a formula black hats know more about your password than if you don't, so their brute force attacks from 10,000 node botnets just got exponentially faster. You made the key space smaller when you eliminated all possible passwords that do not contain letters, numbers, symbols and mixed case.

          My password is also not based on a dictionary word and means something only to me.

          That's a far better strategy.

          Myself, I ignore all "rules" and "formulas" for password generation and use 64 characters or more for important passwords. Until this became possible (I'm old) I always use

      • Re: (Score:2, Funny)

        by Anonymous Coward

        Lets go threw the dictionary first ...
        Lets go threw the dictionary and ...

        Please quit throwing dictionaries. Those things are heavy and they hurt.

  • ElcomSoft Wireless Security Auditor runs on Windows NT SP4, Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. The software ordinarily sells for $1,199, but is currently selling at half price ($599.5) until March 1, 2009.

    And just in time for getting blogged about!

  • Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0...

    "Just" released? Like, a month [arstechnica.com] ago? Or was that just the announcement?
    I think the key point with all this, though, is just don't use dictionary words in your passwords... for anything... ever. The same company makes software for all kinds of password systems, so just don't do it.

    without dictionary words being involved, cracking is still quite intensive: perhaps three months to crack a lowercase-only random eight-character password using a PC with two Nvidia GTX 280 video cards.

  • Auditions (Score:5, Funny)

    by Thanshin ( 1188877 ) on Thursday January 15, 2009 @08:52AM (#26464759)

    Heavy machine guns!

    Audit your neighbors' dodge skills.

  • Full disclosure (Score:5, Insightful)

    by plover ( 150551 ) * on Thursday January 15, 2009 @08:53AM (#26464761) Homepage Journal

    People who whine about these being "irresponsible" or "bad for security" always seem to forget that the bad guys may already have written stuff like this and are putting it to use. By publishing this software, it makes everyone aware that it's never safe to turn a blind eye to poor security practices.

    If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process.

    • by hacker ( 14635 )

      "If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process."

      Until 3 hours later when THAT password is now cracked.

      Lather. Rinse. Repeat.

      • "If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process."

        Until 3 hours later when THAT password is now cracked.

        Lather. Rinse. Repeat.

        Or then implement WPA2 enterprise that authenticates against your Active Directory or RADIUS domain with blacklisting against MAC addresses that aren't registered to that user.

        • Great idea! I actually do that. Now, how do I allow my Wii or PSP to use my wireless network?

        • Or then implement WPA2 enterprise that authenticates against your Active Directory or RADIUS domain with blacklisting against MAC addresses that aren't registered to that user.

          Mac addresses are easily spoofed. RADIUS can also be brute forced. You also have to use IPSec to encypt the RADIUS message and use strong passwords.

      • by jcuervo ( 715139 )

        Until 3 hours later when THAT password is now cracked.

        Hours?

    • by Jurily ( 900488 )

      People who whine about these being "irresponsible" or "bad for security" always seem to forget that the bad guys may already have written stuff like this and are putting it to use. By publishing this software, it makes everyone aware that it's never safe to turn a blind eye to poor security practices.

      Absolutely. However, they also make it easy for casual attackers. Never underestimate a horde of script kiddies with a good script.

      • so should we ban the sale of lock picking kits, books, and locksmithing educational resources? after all, such information can help criminals as much as they help legitimate professionals.

        the way to ensure security is to test the system rigorously, not to discourage the testing of such systems. and the best way to facilitate such security auditing is for the security community to share information and penetration testing resources with one another and foster public discourse.

        ultimately, this type of brute-f

      • by plover ( 150551 ) *

        Never underestimate a horde of script kiddies with a good script.

        My point is that horde is acting as the advertisement and providing the impetus for getting the problems fixed. But the problems are never created by the tools, they're just exacerbated by them.

        That's why we should celebrate these cracks, and take advantage of them. If my boss sees a news article that says "Hackers crack bad WPA passwords", I know he'll email me asking me to tell him how we generate our passwords. If I say, "I opened the dictionary to a random page and wrote down the first three words

    • Re: (Score:3, Interesting)

      by kabocox ( 199019 )

      If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process.

      Until 10 minutes later the CEO calls the head of IT and has them change the WAP password back to Password1 so he can log in. It's nearly a known fact that managers can't type passwords longer than 8 characters successfully. 16 character or longer passwords b

  • I'm confused (Score:2, Offtopic)

    by grizdog ( 1224414 )

    First off, does this kind of approach work against any rationally designed secure software? All that would seem to be needed to defeat this is for the the login procedure to have a few seconds of delay before it responds yes or no, and no speedup in the guessing will help. This is why we have shadow password files, right? Or have I just been using *nix too long?

    Also, I've seen people using GPUs in all sorts of non-graphics computation environments for some time now. When push comes to shove, is this j

    • by Ciarang ( 967337 )

      You're confused because you're thinking in terms of a login system, not encrypted data which you can easily see. (i.e. it's transmitted 'at you')

      In simple terms, once you've intercepted some data you can have as many attempts as you like to find the right key to decrypt it.

  • If your wireless network encryption key can be cracked by a laptop, you're not doing it right.

    Choose a longer key, and for god's sake, don't use WEP.
  • ...to run 'generic' GPU applications. They just make things simpler for people not used to working with GPUs. Back in 2005 (can't recall) I wrote a computer vision algorithm (a simple multi-gaussian system) that uploaded live security video as a set of conglomerated images in a given texture size and output motion maps, just using early pixel shaders on an ATI 9700PRO (old even at the time.) It wasn't hard, although faking arrays via textures was a pain in the rear. ;)

    • ...to run 'generic' GPU applications. They just make things simpler for people not used to working with GPUs.

      indeed. see gpgpu.org which is mostly focused on using opengl and directx to do this.

  • by Scott Lockwood ( 218839 ) * on Thursday January 15, 2009 @09:28AM (#26465171) Homepage Journal

    The real problem is using WPA with pre-shared keys - that's what this can really do some damage with. That, and they used it to set up a fake root CA. Um, this is almost a month old. WTF? Slashdot: Where you hear it last!

  • by Adam Hazzlebank ( 970369 ) on Thursday January 15, 2009 @09:43AM (#26465377)
    I'd say it's particularly unlikely that it's using OpenCL seeing as there are no working implementations yet (unless someone knows better?)
    • by Creepy ( 93888 )

      To be honest, I doubt it's difficult to write a proprietary shader without a GPU programming language for this since the GPU really only can be used to offload the hash computation (using the PSK and passphrase). The real trick is packing and passing data (say passwords) to that shader for processing efficiently, and that could be done in a variety of ways (e.g. stuffing them in a texture or a vertex buffer object).

      The real limitation is probably the network interface once you have an efficient way of gene

    • This might be a stupid question... but how come none of these GPU acceleration schemes utilize the shitty onboard graphics that come with many motherboards?

      I know that onboard 3D graphics are vastly inferior to a discreet card, but it can't be completely useless.

      • Well, it's because these are usually CUDA (nVidia only) or CTM (ATI/AMD only). Onboard chips are almost always Intel or VIA, although both nV and ATI chips are occasionally put onto boards as well.

        The good answer is that nobody's written CUDA/CTM/Brook+/OpenCL/etc. support for Gallium yet.

    • Until an implementation of OpenCL is out, CUDA is probably the only other mid-level GPGPU language that can represent byte-oriented binary operations.

      (Perhaps using lower-level stuff like ATI's CTM/CAL too, but I'm not used to that).

    • My guess is that it was written in GLSL or HLSL, as those are the only shading languages that are high-level and that work on both ATI/AMD and nVidia offerings. (For now.)

  • Isn't there a way of taking a prime number and converting it to ascii? I'm not a software guy, so I use to go to computer services (when I was in uni) and get them to generate a password for me. I have accumulated 8 passwords. Now I just rotate through them. Is this a good idea? Cheers for any advice.
  • How many of their employees are going to get arrested [wikipedia.org] for this one?
  • Great Program (Score:5, Informative)

    by JimmyRay_TWTV ( 1453481 ) on Thursday January 15, 2009 @10:04AM (#26465631) Homepage
    I tested this program for a upcoming show and I really liked it. The cost is high for most regular folks, so it is geared more towards Government/Commercial. For a nice open source option, I also recommend Pyrit. I had a few issues importing Aircrack files, but most of those have been resolved.
  • Brute Force? (Score:3, Interesting)

    by Fnord666 ( 889225 ) on Thursday January 15, 2009 @10:10AM (#26465745) Journal

    ... does is perform brute-force dictionary attacks of WPA and WPA2 passwords.

    I tried using a non brute force dictionary attack on an encryption key once. I just tried every third word in the dictionary. It didn't seem to work as well as trying them all. In other words, there are brute force attacks and there are dictionary attacks, but there are no brute force dictionary attacks.

    • A brute force dictionary attack tends to run through the entire dictionary with various prefixes,suffixes, numbers, capitalizations and even word combinations.

    • Sure there is.

      for example, your dictionary has

      12345678
      password
      helloworld
      computer

      now you tested those passwphrase using a dictionary attack and they failed. So you know for sure these are not the passphrase. They can then be removed from the brute force efforts so you don't test the same thing twice.

  • May I suggest adding a reference to the GPL-licenced software pyrit [google.com] in the summary? It might be useful for people to know that a) Elcomsoft is not the first to implement this and b) a free software implementation exists (currently only for NVIDIA, but they are planning ATI support).

  • I use them to "audit" my neighbor's front door security.

    Ok, so now tell me who the real target customer for this product is.

  • CoWPAtty can already do 18,000 keys/s , while this might help in generating the hashes its probably worth working out a hash table for your victim the night before anyway.

  • ElcomSoft positions the software as a way to 'audit' wireless network security."

    ElcomSoft positions the software as a way to 'audit'your neighbor's wireless network security."

  • CUDA and Stream *ARE* proprietary...

    • One of their tech guys was on the CUDA programming forum, so I assume they used CUDA for NVIDIA. Not sure why the article assumes that the "proprietary process" assumes the interface language is proprietary. I assumed it meant their method/algorithm was proprietary (given the fact that they patented it, they probably want to make it seem unique).

Decaffeinated coffee? Just Say No.

Working...