Elcomsoft uses NVIDIA GPUs to crack WPA2
Elcomsoft has been using NVIDIA's CUDA GPU computing architecture to accelerate its Distributed Password Recovery tool for a while now, but it looks like the latest version of the cracking utility takes it to the next level -- it can break a WPA2 password using two GeForce GTX 280-based boards 100 times faster than with just a CPU. It's still a brute-force crack, but only a few packets need be sniffed, and the GPU accelerates the algorithm used to generate keys significantly -- even laptop-grade 8800M and 9800M GPUs speed things up 10 to 15 times. We wouldn't worry too much about wardrivers with trunk-mounted bladeservers going nuts, however -- the base version of the software costs $599, and things ramp up to $5,000 pretty quickly.
[Via HotHardware]
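As an added example (not part of the original post, and not Elcomsoft's code), the sketch below shows the key-generation step a GPU accelerates and what a 100x speedup does to search time. WPA2-PSK derives its master key with PBKDF2-HMAC-SHA1, using the SSID as salt and 4096 iterations. The passphrase policies, the benchmark SSID and the use of local `hashlib` speed as the CPU-only baseline are assumptions made for illustration.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA2 passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

def measure_rate(samples: int = 20) -> float:
    """Derivations per second on this machine (stands in for the CPU-only baseline)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"benchmark-{i:04d}", "ExampleSSID")  # constructed inputs
    return samples / (time.perf_counter() - start)

def years_to_search(alphabet: int, length: int, guesses_per_sec: float) -> float:
    """Average time to hit a uniformly random passphrase: half the keyspace."""
    return alphabet ** length / 2 / guesses_per_sec / SECONDS_PER_YEAR

# Constructed passphrase policies: (alphabet size, length)
POLICIES = {
    "8 lowercase letters": (26, 8),
    "8 digits": (10, 8),
    "13 printable ASCII, random": (95, 13),
    "63 printable ASCII, random": (95, 63),
}

def report(base_rate: float, speedup: float = 100.0) -> dict:
    """Years per policy at the baseline rate and at the article's 100x GPU figure."""
    return {name: (years_to_search(a, n, base_rate),
                   years_to_search(a, n, base_rate * speedup))
            for name, (a, n) in POLICIES.items()}

if __name__ == "__main__":
    rate = measure_rate()
    print(f"baseline: {rate:.0f} derivations/s")
    for name, (cpu, gpu) in report(rate).items():
        print(f"{name:28s} CPU {cpu:10.3g} y   100x {gpu:10.3g} y")
```

These figures assume uniformly random passphrases; a human-chosen passphrase that appears in a wordlist falls far sooner than the keyspace estimate suggests.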
$599? Are they actually asking to be pirated?
599, which is the cheapest, is for 20 licenses, which is not a bad price for an individual license at $30. The more expensive versions just include more licenses.
When are they going to come out with a program that can crack their new software at 100x performance?
I think they didn't know how to price it, so they went and consulted with Adobe on what to set the price to. Adobe happily obliged and gave them a good ballpark starting number...
Welcome to WPA-2 Cracking Suite or WPA-2 CS
That's what I was thinking - is the kind of person using a 'trunk-mounted bladeserver' to hack your wi-fi really going to bother with the formality of paying for the software?
Welcome to the world of specialty software. My company's dispatching software that manages customer information and assigns techs to scheduled jobs costs over $5000. Heck, the license to use the Windows Mobile syncing client is $200 per license.
AFAIK: breaking WPA2 using brute force can take several months (or even years), so 10 - 15 times is fast yet useless.
One would think that is exactly why 10-15 times faster is so important.
Especially since the more high-end cards are 45 times or more. It seems that even if it were to take a year under normal circumstances, 45 times faster would be a little over a week. Seems worth it to me.
There is an order-of-magnitude problem with such a product:
Breaking WPA2 can take over a *billion* years (not months), so whether you say 10, 100 or a million times faster doesn't really matter.
If this is like any other WPA brute force, then what they are banking on is that the key is generated by hashing an ASCII passphrase, thereby significantly cutting down the keyspace.
People that would be using this with bad intentions would not be paying for the software to begin with.
I hardly think the ethics of buying software apply for wardrivers looking for secure networks...
I want to use NVIDIA GPUs to brute-force the keygen for the program.
Paradox detected...overload...overload...
The keygen can actually be run on a CGA.
*ramps up passwords on router*
If I could afford to mount a bladeserver in my trunk... $599 probably wouldn't be that bad.
I don't understand how using a GPU is faster than using a processor several times faster. Could someone explain?
It's using GPUs in conjunction with the CPU on the board already.
For the same reason the Cell is better at folding.
A GPU is an ASIC type processor (http://en.wikipedia.org/wiki/Application-specific_integrated_circuit)
ASIC processors are much faster than our CPUs because they are geared towards doing one specific type of task.
The difference being that a processor is designed to perform many different types of tasks and computations, but a GPU on the other hand is geared only towards graphics-related processing. This is why CPUs suck so hard at rendering graphics, they simply aren't fast enough. (Download 3DMark and look at your FPS when it tries to render only using the CPU.)
It's not 1 processor, it's like 256 or something.
What Ethana says is almost right. These GPUs have 256 parallel processors (or processing units) that normally work on processing millions of pixels a second. If you can make software that feeds data into the GPU for processing like millions of similar calculations (as opposed to one big calculation whose result is needed to start the next calculation) then it is very much akin to using a 256 core processor. Since this is brute force it can feed many, many processing units simultaneously with different guesses.
Dangit, this makes my rainbow tables obsolete!
...actually, they'll still probably increase performance in a lot of cases....
Ok yeah, I'm keeping my rainbow tables.
Wait, they expect people to pay for this?!
...oh thank goodness, isohunt has it. Nevermind, we're good. Carry on.
That's it, I guess I have to stop using WPA-2 protection. I'm now going to go to ADPS(animal drawing protection system).
"Please draw a picture of this: kitten riding on a unicorn"
"Press F3 to try a different drawing."
"Your drawing was not accepted..."
"Hint: Kittens do not have breast implants. Please try again..."
Let's see how long it takes for them to hack that!!!
Fine, I'll just get a Tablet PC and draw dongs all day long.
@ michas_pi
Isn't that what you do all day anyways minus the tablet PC?
@Uchiha Sasuke:
Yes. No.
Using WPA2 with a 64 character random character password is still essentially "impossible" to crack.
(I'm calling anything that takes longer than you'll live impossible)
Yeah, there's like 35 seeds for this program on isohunt. I wonder if you need special wireless hardware.
> $599
Just wait a bit for the creators of RainbowCrack to get wind of things...
Many encryption methods are easily crackable with Open Source Software. Elcomsoft software is very polished and easy to use, yet (freeware) apps like Cain ( http://www.oxid.it/cain.html ) in many situations can be used without any problems. And Cain is only a little bit more than a collection of OSS libraries for "password recovery."
It's a dictionary-based attack in a brute-force manner.
I'm curious though. If routers and quite frankly any WPA carrying device has attempt timeouts, isn't the speed of this thing virtually meaningless? That seems like a solution to such a piece of software.
Once they capture the 4-way handshake, they can take that back home and crack it at their leisure. No need for trunk mounted blade servers. As long as you don't use a dictionary word with random upper, lower, numbers and special characters, it's still damn near impossible to crack.
It uses a dictionary attack and therefore strong passwords are NOT susceptible. Brute force attack of a 128 bit AES key is absurd.
It is not the game-changer it is made out to be. It is simply a speedup which means you should make sure you choose good passwords... Nothing new.
Even if my wifi password was cracked, MAC filtering prevents intrusion of my network.
You're kidding right? MAC filtering? Really?
You use MAC filtering on your home network? Don't you ever have guests over?
It might prevent people from using your wifi, however they can still eavesdrop on your network. It is not a substitute for encryption.
You've got to be kidding. If you're relying on MAC filtering as a security measure, you're only fooling yourself. MAC filtering is one of the easiest security measures to defeat. Basically, here's how easy it is to defeat: a) I start sniffing, b) I catch the MAC of the device talking to everything, got your router, c) I get the MACs of all other devices allowed on your network that the router is talking with, d) I run a simple script that causes one of your devices (or all) to disconnect from the router, and e) I jump on your network using your spoofed MAC. This would take all of about a minute to do, so don't simply rely on simple filtering and limited DHCP pool to be your security.
What's the best security? I still use a combination of all the security features on my router and won't worry too much about anyone jumping on my network, simply due to the fact that if they know how to crack your keys they can get around the other simpler features but inevitably they'll take the path of least resistance... i.e., my neighbor next-door's unsecure wifi point and not mine!
MAC filtering is the same as leaving the key under your door mat. It makes you feel secure, but isn't.
Kimleng: "think they didn't know how to price it, so they went and consulted with Adobe on what to set the price to. Adobe happily obliged and gave them a good ballpark starting number...
Welcome to WPA-2 Cracking Suite or WPA-2 CS"
It's really ironic that you say that, considering that Adobe had Dmitry Sklyarov, an Elcomsoft employee at the time, arrested in Las Vegas for his reverse engineering of the Adobe Ebook format. This was around 2003 IIRC. Charges were eventually dropped after all the bad PR for Adobe. Elcomsoft no longer sells Advanced Ebook Decrypter, and I am not sure what Dmitry is up to these days.
And as for WPA/WPA2, as barry99705 pointed out, the bruteforce attack is passive aka offline, once you have the handshake captured. There are no means for a router to prevent this. Just the time it takes, which is constantly decreasing. Amazon EC2 announced preview support for Windows Server on their cloud (Elcomsoft programs are unfortunately Windows-only). Too bad they don't offer Nvidia GPUs with that :)
$5000 dollars you say?
Damn, I guess it's a toss-up between that and a new Sony then.
Bum.
Read the link: it's $599 if you want one for yourself, the $5000 part is just stupid writing since that's for 2500+ users or less than $2 a user.
"We wouldn't worry too much about wardrivers with trunk-mounted bladeservers going nuts"
I wouldn't either. I keep my bladeservers mounted in a DeLorean. More respect from those who would appreciate it.
Given that this is a brute force, anything that's out of dictionary should be able to defeat it. You don't have to have 64 random characters, something like *&ENgad89et$$ should totally throw it off. Adding a few special characters is enough to make the search space so large that a normal CPU would take longer than the age of the universe, and increasing that 100-fold would not really make any practical difference.
Servers in your what? Dude, welcome to the internets. You can remote desktop/SSH into your home and operate a farm. As the article says you only need a small sampling to start the attack. With xVM you can operate tens of thousands of computers remotely.
Ramp up to $5000 "pretty quickly"? Yeah, if you have 2500+ people working for or around you. $599 for 20 clients is pretty fucking amazing considering what it can do and that price should cover many small police departments. Yeah, people won't be using it to save on their $40-50 a month cable internet fee, if that's your point.
Need to clear a few things up I think.
a) You don't need a blade server in your car; with WPA you only need to cap 1 specific packet, which is the 4-way handshake (OK, that's probably 4 packets), which you can then take to work and feed into Elcomsoft's software.
b) The GPU increases the speed by 100x; well, that's only on 1 client, even at the cheap end of 20 licenses that's 2000x faster than cracking on your laptop at least. 100 years just came down to 20 days.
c) If you have the best kit available that this software supports, and this stuff is aimed at governments and forensics labs,
then that's 20 machines running 64 processor cores and 4 GPUs per node
= 80 GPUs and 1280 cores,
then it could crack a password that takes 100 years on a normal machine in roughly a day maybe, I didn't do an actual calculation.
I think however a good 64 character password takes a lot longer than 100 years on a normal machine. Anyone know roughly how long? I have in my mind a feeling that it takes longer than the universe exists, or that might be something else I was thinking about.
Anyway, I can just see someone starting a Cracking@HOME project like SETI or Folding.
Hello everyone,
has anyone used this software?
I would try it for the SAM and SYSKEY files, but it can't read the file, it gives me an error message = "the file isn't encrypted"
Why, or how can I try it?
What does:
\\\- 100%-compatible with IBM PC computer, processor Pentium or higher;////
mean?
Thank you