ElcomSoft uses NVIDIA GPUs to speed up WPA/WPA2 brute-force attack


Summary: Russian security firm ElcomSoft has released software that leverages NVIDIA GPUs to speed up the brute-force cracking of WPA and WPA2 pre-shared WiFi keys.


Here's the meat from the press release:

ElcomSoft uses NVIDIA GPUs to speed up WPA/WPA2 bruteforce attack

ElcomSoft Co. Ltd. accelerates the recovery of WPA and WPA2 encryption used in the Wi-Fi protocol by employing the new-generation NVIDIA video cards. ElcomSoft patent-pending GPU acceleration technology implemented in Elcomsoft Distributed Password Recovery allows using laptop, desktop or server computers equipped with supported NVIDIA video cards to break Wi-Fi encryption up to 100 times faster than by using CPU only.

Elcomsoft Distributed Password Recovery supports both WPA and the newer WPA2 encryption used in the majority of Wi-Fi networks, allowing breaking Wi-Fi protection quickly and efficiently with most laptop and desktop computers. The support of NVIDIA graphic accelerators increases the recovery speed by an average of 10 to 15 times when Elcomsoft Distributed Password Recovery is used on a moderate laptop with NVIDIA GeForce 8800M or 9800M series GPU, or up to 100 times when running on a desktop with two or more NVIDIA GTX 280 boards installed. Governments, forensic and corporate users will benefit from vastly increased speed of breaking Wi-Fi protection provided by Elcomsoft Distributed Password Recovery.

Elcomsoft Distributed Password Recovery does more than WiFi passwords - you also get the ability to crack a number of documents and files such as Microsoft Office, PGP, ZIP, PDF, OpenDocument, and a number of others.

The power of Elcomsoft Distributed Password Recovery is down to its distributed nature.

Prices start at $499 for 20 clients, going up to $4,199 for 2,500+ clients.

Reality check time. Even a 100x speed increase isn't all that remarkable. If you're using passwords/passphrases shorter than 6 to 8 characters, and you're leaving them in place for months (or years) at a time, then you need to be worried. If you're using long pre-shared keys consisting of uppercase, lowercase, digits and common punctuation, you're still very safe.

For example, a 15 character password made up of uppercase, lowercase, digits and common punctuation is highly resistant to a brute-force attack. Even at the rate of 100,000,000 password attempts a second, cracking that could take 3.5 x 10^12 years.

Note: Compare this to a 5 character password consisting of uppercase, lowercase, digits and common punctuation. Even at the modest rate of 50,000 password attempts a second, this could be cracked in about 13 hours!

Whether your system is resistant to this kind of attack really depends on the quality of your passphrase.
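
To put numbers on that, here is an added example (not from the press release or from ElcomSoft) that derives the key a WPA/WPA2-PSK guess has to reproduce and estimates how long an exhaustive search takes. The PBKDF2 parameters are the ones defined for WPA-PSK in IEEE 802.11i; the 74-symbol alphabet is an assumption, chosen because it roughly reproduces the figures above, and the passphrase/SSID pair is sample input.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
ALPHABET = 74  # assumed symbol count; the article does not state one


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("802.11i passphrases are 8 to 63 characters long")
    # The SSID is the salt, so the same passphrase yields a different PMK
    # on a network with a different name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def search_seconds(length: int, rate: float, alphabet: int = ALPHABET) -> float:
    """Worst-case time to try every passphrase of exactly `length` symbols."""
    return alphabet ** length / rate


def chars_to_offset(speedup: float, alphabet: int = ALPHABET) -> int:
    """Extra random characters that cancel an attacker `speedup` times faster."""
    return math.ceil(math.log(speedup) / math.log(alphabet))


def min_length(years: float, rate: float, alphabet: int = ALPHABET) -> int:
    """Shortest valid passphrase length whose full search outlasts `years`."""
    length = 8  # protocol minimum
    while length < 63 and search_seconds(length, rate, alphabet) < years * SECONDS_PER_YEAR:
        length += 1
    return length


if __name__ == "__main__":
    # Sample input: every guess costs the attacker one derivation like this.
    print(derive_pmk("password", "IEEE").hex())
    print(f"5 chars @ 50,000/s: {search_seconds(5, 5e4) / 3600:.1f} hours")
    print(f"15 chars @ 1e8/s:   {search_seconds(15, 1e8) / SECONDS_PER_YEAR:.2e} years")
    print(f"100x faster attacker is offset by {chars_to_offset(100)} more characters")
    print(f"Length needed to outlast 1,000 years @ 1e8/s: {min_length(1000, 1e8)}")
```

A 100x speedup is cancelled by two more random characters, which is why passphrase length matters far more here than the attacker's hardware.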


Talkback

5 comments
  • Remember: Use a good password!

    Yup - this is a reminder that you should use long passwords with punctuation and mixed case.

    And let's be honest, shall we? It's not just about "Governments, forensic and corporate users." The dark side is interested in this product as well.

    EDIT: And oh, yeah, never, ever use WEP. It can already be cracked in less than a minute. Use WPA and make sure it has a good password.

    I recommend a maximum length, completely random password for WPA: All devices that connect to it will remember it after you put it in.
    CobraA1
    • Good article re password style/length

      http://www.lockdown.co.uk/?pg=combi&s=articles#classF

      It's worth a read ...

      Ludo
      Ludovit
  • This "attack" does NOT work for Full WPA/WPA2

    Contrary to the hyped up news reports - this "new" attack ONLY applies to passphrase recovery under wpa-psk and wpa2-psk implementations, both of which use non-dynamic seed values (a passphrase) to derive the PMK.
    Wpa-psk and wpa2-psk were long ago considered vulnerable due to the static passphrase nature of the WPA-PSK/WPA2-PSK implementation - the static passphrase is used to generate the pairwise master key which in turn spawns the rotating temporal keys used for actual encryption; existing tools like cowpatty and aircrack-ng 1.0 prove that.

    Full (aka Enterprise) WPA/WPA2, which use a radius server to generate the master key in a fully dynamic and random manner, are not vulnerable to this "accelerated-password-recovery" attack.
    The only current way to attack a full WPA/WPA2 setup is to attack using a MITM approach, but that only works if there is no mutual authentication using certificates enabled between client and server.
    _ALL_ current attacks will fail if full WPA/WPA2 is deployed with mutual authentication using certificates between client and server.

    Conveniently omitting the "PSK" portion in the various news articles is dubious at best. I challenge anyone to prove that this software can defeat a full WPA/WPA2 setup and not just WPA-PSK/WPA2-PSK.
    jimjonesthesecond
    • Very interesting jimjonesthesecond...

      providing your information is true.
      JCitizen
  • So Adrian; are we to naively assume we are safe...

    if we are ATI fans!
    JCitizen