Slashdot Mirror

← Back to Stories (view on slashdot.org)

GPUs Used To Crack WiFi Passwords Faster

Posted by ryuzaki0 on from the security-tools-yeah-right dept.

MojoKid writes "Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0, which can take advantage of both Nvidia and ATI GPUs. ElcomSoft claims that the software uses a 'proprietary GPU acceleration technology,' which implies that neither CUDA, Stream, nor OpenCL are being utilized in this instance. At its heart, what ElcomSoft Wireless Security Auditor does is perform brute-force dictionary attacks of WPA and WPA2 passwords. If an access point is set up using a fairly insecure password that is based on dictionary words, there is a higher likelihood that a password can be guessed. ElcomSoft positions the software as a way to 'audit' wireless network security."

5 of 189 comments (clear)

  1. Re:Brute-force password guessing not a problem by Anonymous Coward · · Score: 5, Informative

    My WPA password is larger than 15 characters.

    Isn't best practice greater than 32 for WPA? The maximum is 63 I believe.

  2. Re:Brute-force password guessing not a problem by Spazztastic · · Score: 4, Informative

    Since you generally never have to type a WPA key in, might as well go for maximum entropy.

    https://www.grc.com/passwords.htm

    Or not even using something that is transmitted over the internet and is TRULY random:

    dd if=/dev/urandom bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo

    Credits go to someone from the Stupid (Useful) Linux tricks thread.

    --
    Posts not to be taken literally. Almost everything is sarcasm.
  3. Re:Brute-force password guessing not a problem by Shakrai · · Score: 4, Informative

    I question the wisdom of relying on a third party website to generate passwords for you. At least they are using ssl but how do you know they aren't keeping those passwords? How do you know they are generating them with real entropy?

    Diceware is a better bet, IMHO. You can generate them offline and with a good set of dice you get real entropy. You can use the instructions on that webpage to generate totally random passwords or to generate passwords with words in them that are easy to remember but still pretty secure/random.

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  4. Great Program by JimmyRay_TWTV · · Score: 5, Informative

    I tested this program for a upcoming show and I really liked it. The cost is high for most regular folks, so it is geared more towards Government/Commercial. For a nice open source option, I also recommend Pyrit. I had a few issues importing Aircrack files, but most of those have been resolved.

    --
    Jimmy Ray Ecc 5:19
  5. Re:Brute-force password guessing not a problem by wastedlife · · Score: 5, Informative

    From the product website:

    Elcomsoft Wireless Security Auditor works completely in off-line, undetectable by the Wi-Fi network being probed, by analyzing a dump of network communications in order to attempt to retrieve the original WPA/WPA2-PSK passwords in plain text.

    TFA is misunderstanding the way the app functions, it listens to the network until a certain amount of information has been sent, then attempts to decrypt that data locally. Sending wave after wave of login attempts is easily detectable and would almost certainly bottleneck somewhere at the network level before CPU.

    --
    Said, "It's just like dice but it's got more sides And it tells me who lives and who dies"