Elcomsoft uses NVIDIA GPUs to crack WPA2
Elcomsoft has been using NVIDIA's CUDA GPU computing architecture to accelerate its Distributed Password Recovery tool for a while now, but it looks like the latest version of the cracking utility takes it to the next level -- it can break a WPA2 password using two GeForce GTX 280-based boards 100 times faster than with just a CPU. It's still a brute-force crack, but only a few packets need be sniffed, and the GPU accelerates the algorithm used to generate keys significantly -- even laptop-grade 8800M and 9800M GPUs speed things up 10 to 15 times. We wouldn't worry too much about wardrivers with trunk-mounted bladeservers going nuts, however -- the base version of the software costs $599, and things ramp up to $5,000 pretty quickly.
[Via HotHardware]
Reader Comments (Page 1 of 2)
broli @ Oct 13th 2008 11:04AM
$599? Are they actually asking to be pirated?
MaGiXX @ Oct 13th 2008 11:21AM
599, which is the cheapest, is for 20 licenses, which is not a bad price for an individual license at 30$. The more expensive versions just include more licenses.
tech_e @ Oct 13th 2008 12:03PM
When are they going to come out with a program that can crack their new software at 100x performance?
Kimleng @ Oct 13th 2008 12:19PM
I think they didn't know how to price it, so they went and consulted with Adobe on what to set the price to. Adobe happily obliged and gave them a good ballpark starting number...
Welcome to WPA-2 Cracking Suite or WPA-2 CS
Andrew @ Oct 13th 2008 1:13PM
That's what I was thinking - is the kind of person using a 'trunk-mounted bladeserver' to hack your wi-fi really going to bother with the formality of paying for the software?
John @ Oct 13th 2008 4:01PM
Welcome to the world of specialty software. My company's dispatching software that manages customer information and assigns techs to scheduled jobs costs over $5000. Heck, the license to use the Windows Mobile syncing client is $200 per license.
Magallanes @ Oct 13th 2008 11:09AM
Afaik: breaking WPA2 using brute force can take several months (or even years), so 10 - 15 times is fast yet useless.
ben @ Oct 13th 2008 11:34AM
One would think that is exactly why 10-15 times faster is so important.
Curtis Joslin @ Oct 13th 2008 11:45AM
Especially since the more high-end cards are 45 times or more. It seems that even if it were to take a year under normal circumstances, 45 times faster would be a little over a week. Seems worth it to me.
Magallanes @ Oct 13th 2008 12:16PM
There is an order-of-magnitude problem with such a product:
Breaking WPA2 can take over a *billion* years (not months), so whether you say 10, 100 or a million times faster doesn't really matter.
jimmy @ Oct 13th 2008 3:19PM
If this is like any other WPA brute force, then what they are banking on is that the key is generated by hashing an ASCII passphrase, thereby significantly cutting down the keyspace.
MadMike @ Oct 13th 2008 11:10AM
People that would be using this with bad intentions would not be paying for the software to begin with.
Takashi @ Oct 13th 2008 11:11AM
I hardly think the ethics of buying software apply for wardrivers looking for secure networks...
michas_pi @ Oct 13th 2008 11:13AM
I want to use NVIDIA GPUs to brute-force the keygen for the program.
broli @ Oct 13th 2008 11:29AM
Paradox detected...overload...overload...
giuliop @ Oct 13th 2008 12:24PM
The keygen can actually be run on a CGA.
Aguiluz @ Oct 13th 2008 11:21AM
*ramps up passwords on router*
birthday is 1990 @ Oct 13th 2008 11:32AM
I don't understand how using a gpu is faster than using a processor several times faster. Could someone explain?
ben @ Oct 13th 2008 11:36AM
It's using GPUs in conjunction with CPU on the board already
ZeroTech @ Oct 13th 2008 11:40AM
For the same reason the Cell is better at folding.
Chris @ Oct 13th 2008 11:44AM
A GPU is an ASIC type processor (http://en.wikipedia.org/wiki/Application-specific_integrated_circuit)
ASIC processors are much faster than our CPUs because they are geared towards doing one specific type of task.
The difference being that a processor is designed to perform many different types of tasks and computations, but a GPU on the other hand is geared only towards graphics-related processing. This is why CPUs suck so hard at rendering graphics, they simply aren't fast enough. (Download 3d mark and look at your FPS when it tries to render only using the CPU)
ethana2 @ Oct 13th 2008 11:44AM
It's not 1 processor, it's like 256 or something.
sr @ Oct 14th 2008 1:00AM
What Ethana says is almost right. These GPUs have 256 parallel processors (or processing units) that normally work on processing millions of pixels a second. If you can make software that feeds data into the GPU for processing like millions of similar calculations (as opposed to one big calculation whose result is needed to start the next calculation) then it is very much akin to using a 256 core processor. Since this is brute force it can feed many, many processing units simultaneously with different guesses.
Mark @ Oct 13th 2008 11:33AM
If I could afford to mount a bladeserver in my trunk... $599 probably wouldn't be that bad.
ethana2 @ Oct 13th 2008 11:40AM
Dangit, this makes my rainbow tables obsolete!
...actually, they'll still probably increase performance in a lot of cases....
Ok yeah, I'm keeping my rainbow tables.
ethana2 @ Oct 13th 2008 11:42AM
Wait, they expect people to pay for this?!
...oh thank goodness, isohunt has it. Nevermind, we're good. Carry on.
Kimleng @ Oct 13th 2008 11:49AM
That's it, I guess I have to stop using WPA-2 protection. I'm now going to go to ADPS (animal drawing protection system).
"Please draw a picture of this: kitten riding on a unicorn"
"Press F3 to try a different drawing."
"Your drawing was not accepted..."
"Hint: Kittens do not have breast implants. Please try again..."
Let's see how long it takes for them to hack that!!!
michas_pi @ Oct 13th 2008 12:05PM
Fine, I'll just get a Tablet PC and draw dongs all day long.
Uchiha Sasuke @ Oct 13th 2008 12:25PM
@ michas_pi
Isn't that what you do all day anyways minus the tablet PC?
michas_pi @ Oct 13th 2008 1:05PM
@Uchiha Sasuke:
Yes. No.
barry99705 @ Oct 13th 2008 1:35PM
Using wpa2 with a 64 character random character password is still essentially "impossible" to crack.
(I'm calling anything that takes longer than you'll live impossible)
conCern @ Oct 13th 2008 12:34PM
Yeah, there's like 35 seeds for this program on isohunt. I wonder if you need special wireless hardware.
Ihar `Philips` Filipau @ Oct 13th 2008 12:39PM
> $599
Just wait a bit for creators of RainBow crack to get a wind of the things...
Many encryption methods are easily crackable with Open Source Software. Elcomsoft software is very polished and easy to use, yet (freeware) apps like Cain ( http://www.oxid.it/cain.html ) in many situations can be used without any problems. And Cain is only a little bit more than a collection of OSS libraries for "password recovery."
Ruben @ Oct 13th 2008 1:37PM
It's a dictionary-based attack in a brute-force manner.
I'm curious though. If routers and quite frankly any WPA carrying device has attempt timeouts, isn't the speed of this thing virtually meaningless? That seems like a solution to such a piece of software.
barry99705 @ Oct 13th 2008 1:38PM
Once they capture the 4-way handshake, they can take that back home and crack it at their leisure. No need for trunk mounted blade servers. As long as you don't use a dictionary word with random upper, lower, numbers and special characters, it's still damn near impossible to crack.
Jay @ Oct 13th 2008 1:44PM
It uses a dictionary attack and therefore strong passwords are NOT susceptible. Brute force attack of a 128 bit AES key is absurd.
It is not the game-changer it is made out to be. It is simply a speedup which means you should make sure you choose good passwords... Nothing new.
dave @ Oct 13th 2008 2:49PM
Even if my wifi password was cracked, MAC filtering prevents intrusion of my network.
cashmonee @ Oct 13th 2008 3:02PM
You're kidding right? MAC filtering? Really?
maheshjr2000 @ Oct 13th 2008 3:02PM
You use MAC filtering on your home network? Don't you ever have guests over?
Jay @ Oct 13th 2008 3:40PM
It might prevent people from using your wifi, however they can still eavesdrop on your network. It is not a substitute for encryption.
Azayzel @ Oct 13th 2008 3:41PM
You've got to be kidding. If you're relying on MAC filtering as a security measure, you're only fooling yourself. MAC filtering is one of the easiest security measures to defeat. Basically, here's how easy it is to defeat: a) I start sniffing, b) I catch the MAC of the device talking to everything, got your router, c) I get the MACs of all other devices allowed on your network that the router is talking with, d) I run a simple script that causes one of your devices (or all) to disconnect from the router, and e) I jump on your network using your spoofed MAC. This would take all of about a minute to do, so don't simply rely on simple filtering and limited DHCP pool to be your security.
What's the best security? I still use a combination of all the security features on my router and won't worry too much about anyone jumping on my network, simply due to the fact that if they know how to crack your keys they can get around the other simpler features but inevitably they'll take the path of least resistance... i.e., my neighbor next-door's unsecure wifi point and not mine!
barry99705 @ Oct 13th 2008 5:59PM
MAC filtering is the same as leaving the key under your door mat. It makes you feel secure, but isn't.
EMK @ Oct 13th 2008 2:58PM
Kimleng: "think they didn't know how to price it, so they went and consulted with Adobe on what to set the price to. Adobe happily obliged and gave them a good ballpark starting number...
Welcome to WPA-2 Cracking Suite or WPA-2 CS"
It's really ironic that you say that, considering that Adobe had Dmitry Sklyarov, an Elcomsoft employee at the time, arrested in Las Vegas for his reverse engineering of the Adobe Ebook format. This was around 2003 IIRC. Charges were eventually dropped after all the bad PR for Adobe. Elcomsoft no longer sells Advanced Ebook Decrypter, and I am not sure what Dmitry is up to these days.
And as for WPA/WPA2, as barry99705 pointed out, the bruteforce attack is passive aka offline, once you have the handshake captured. There are no means for a router to prevent this. Just the time it takes, which is constantly decreasing. Amazon EC2 announced preview support for Windows Server on their cloud (Elcomsoft programs are unfortunately Windows-only). Too bad they don't offer Nvidia GPUs with that :)
Illystor @ Oct 13th 2008 7:41PM
$5000 dollars you say?
Damn, I guess it's a toss up between that and a new Sony then.
Bum.
sr @ Oct 14th 2008 12:28AM
Read the link: it's $599 if you want one for yourself; the $5000 part is just stupid writing since that's for 2500+ users or less than $2 a user.
Joshua Walters @ Oct 13th 2008 8:42PM
"We wouldn't worry too much about wardrivers with trunk-mounted bladeservers going nuts"
I wouldn't either. I keep my bladeservers mounted in a DeLorean. More respect from those who would appreciate it.
nikster @ Oct 13th 2008 10:19PM
Given that this is a brute force, anything that's out of dictionary should be able to defeat it. You don't have to have 64 random characters, something like *&ENgad89et$$ should totally throw it off. Adding a few special characters is enough to make the search space so large that a normal CPU would take longer than the age of the universe, and increasing that 100-fold would not really make any practical difference.
jaekman @ Oct 13th 2008 10:59PM
Servers in your what? Dude, welcome to the internets. You can remote desktop/SSH into your home and operate a farm. As the article says you only need a small sampling to start the attack. With xVM you can operate tens of thousands of computers remotely.
sr @ Oct 14th 2008 12:26AM
Ramp up to $5000 "pretty quickly"? Yeah, if you have 2500+ people working for or around you. $599 for 20 clients is pretty fucking amazing considering what it can do and that price should cover many small police departments. Yeah, people won't be using it to save on their $40-50 a month cable internet fee, if that's your point.
BigJohn @ Oct 15th 2008 8:10AM
Need to clear a few things up I think.
a) You don't need a blade server in your car; with WPA you only need to cap 1 specific packet, which is the 4-way handshake (ok, that's probably 4 packets), which you can then take to work and feed in to Elcomsoft's software.
b) The GPU increases the speed by 100x, well that's only on 1 client; even at the cheap end of 20 licenses that's 2000x faster than cracking on your laptop at least. 100 years just came down to 20 days.
c) If you have the best kit available that this software supports, and this stuff is aimed at governments and forensics labs,
then that's 20 machines running 64 processor cores and 4 GPUs per node
= 80 GPUs and 1280 cores,
then it could crack a password that takes 100 years on a normal machine in roughly a day maybe, I didn't do an actual calculation.
I think however a good 64 character password takes a lot longer than 100 years on a normal machine. Anyone know roughly how long? I have in my mind a feeling that it takes longer than the universe exists, or that might be something else I was thinking about.
Anyway I can just see someone starting a Cracking@HOME project like SETI or Folding.
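
The thread keeps returning to whether a 10x to 100x speedup changes anything. As an added example (not from the article, Elcomsoft or any commenter), this Python sketch derives a WPA2 key from a passphrase the standard way (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations), times that on the local CPU, and estimates how long each passphrase policy takes to exhaust at 1x and at the article's 15x and 100x figures. The policy list, the SSID and the sample strings are constructed assumptions, and the baseline is whatever the machine running it measures.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def measure_rate(samples: int = 20) -> float:
    """Key derivations per second on one core of the machine running this."""
    start = time.perf_counter()
    for i in range(samples):
        wpa2_pmk(f"constructed-{i:04d}", "ExampleSSID")  # constructed inputs
    return samples / (time.perf_counter() - start)

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate secrets of exactly `length` symbols."""
    return alphabet_size ** length

def years_to_exhaust(space: int, rate: float, speedup: float = 1.0) -> float:
    """Years to try every candidate at `rate` guesses/s times `speedup`."""
    return space / (rate * speedup) / SECONDS_PER_YEAR

# Constructed policies; sizes are upper bounds on the work, not predictions.
POLICIES = {
    "word from a 1,000,000-entry wordlist": 10 ** 6,
    "8 random lowercase letters": keyspace(26, 8),
    "13 random printable ASCII characters": keyspace(95, 13),
    "63 random printable ASCII characters": keyspace(95, 63),
    "64 hex digits (raw 256-bit key)": keyspace(16, 64),
}

def report(rate: float, speedups=(1, 15, 100)) -> dict:
    """Map each policy to exhaustion times in years, one per speedup factor."""
    return {name: [years_to_exhaust(space, rate, s) for s in speedups]
            for name, space in POLICIES.items()}

if __name__ == "__main__":
    rate = measure_rate()
    print(f"measured CPU baseline: {rate:.0f} derivations/s")
    for name, years in report(rate).items():
        print(f"{name:40s}" + "".join(f"{y:12.3g} y" for y in years))
```

The speedup only moves a passphrase from safe to unsafe when its search space was already within a few orders of magnitude of reach, which is the case for wordlist entries and short lowercase strings and not for long random ones.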