In association with heise online

13 October 2008, 17:13

Improved WPA and WPA2 password-cracking tool causes concern

Elcomsoft's announcement of an improved version of its Distributed Password Recovery (EDPR) tool that can crack WPA and WPA2 passwords faster has caused concern among users and specialists. The UK's Secure Computing magazine is quoting Global Secure Systems, a provider of security services, as saying that securing a WLAN solely with WPA or WPA2 is no longer sufficient: additional protection with VPN encryption is necessary.

Elcomsoft announced at the beginning of the week that EDPR now supports several graphics card chips to restore passwords on WLANs. This is claimed to make the cracking process up to 100 times faster than with a normal CPU. About a year ago, Elcomsoft showed with version 2.0 of EDPR how GeForce 8-series cards could be used to crack Windows NTLM passwords up to 25 times faster. Now, it seems, nVidia's multi-GPU support will allow WPA and WPA2 passwords to be "recovered" faster, too.

In particular, nVidia's GeForce GTX 280, with up to 240 shader ALUs and up to one gigabyte of memory, gives an enormous boost to performance. On an average laptop with an nVidia GeForce 8800M or 9800M, WPA passwords can be cracked 10 to 15 times faster than without GPU support. If two or more GTX 280 cards are harnessed, the process is reported to be 100 times faster. Besides WPA passwords, EDPR is able to work out passwords for Microsoft Office, Adobe Acrobat, PGP and Lotus Notes, as well as Windows and Unix passwords.

Whether Elcomsoft's tool really represents a danger to WLANs using WPA remains to be seen. The attack is a simple brute-force one, using the computational power of multiple GPUs to accelerate the process. If strong passwords are used – that is, long and containing unpredictable sequences of characters – then the attack could still take a considerable amount of time, even at 100 times the speed. The fastest password-breaking with this system will require a cluster of powerful workstations with multiple pairs of high-end dual-processor graphics cards, working possibly for some days, so it's not an attack that people will be launching from a PDA or smartphone, nor even from a car parked outside. A serious attack on a well-set-up WLAN will require grabbing a significant chunk of network traffic with a sniffer, then taking it offsite for processing. By the time the security has been broken, a tightly-secured network will have changed the keys anyway.

Weak passwords, on the other hand, are a problem, even without EDPR. In addition, TKIP is often used on corporate networks for encryption, meaning that the network key continually changes every few kilobytes during a session. Elcomsoft has not reported whether its new tool can also quickly attack such networks.
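To put numbers on the strong-versus-weak passphrase argument above, the following added example (not part of the original article and not Elcomsoft's code) measures how fast one CPU core performs the WPA/WPA2-PSK key derivation and scales that rate by the speed-up factors the article quotes. The passphrase policies, the SSID and all function names are constructed for the illustration; the derivation itself (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations) is the standard one, which the article does not describe.

```python
import hashlib
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Speed-up factors quoted in the article (laptop GPU, two or more GTX 280 cards).
SPEEDUPS = {"CPU only": 1, "laptop GPU (x15)": 15, "multi-GPU (x100)": 100}
# Constructed passphrase policies as (alphabet size, length); not from the article.
POLICIES = {
    "8 digits": (10, 8),
    "8 lowercase letters": (26, 8),
    "10 mixed-case alphanumerics": (62, 10),
    "16 printable ASCII": (95, 16),
}

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )

def measure_rate(samples: int = 20) -> float:
    """Passphrases per second that one CPU core of this machine can derive."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"constructed-{i:04d}", "example-ssid")  # constructed inputs
    return samples / (time.perf_counter() - start)

def years_to_exhaust(alphabet: int, length: int, rate: float, speedup: int = 1) -> float:
    """Worst-case years to try every passphrase of this shape at rate * speedup."""
    return alphabet ** length / (rate * speedup) / SECONDS_PER_YEAR

def report(rate: float) -> dict:
    """Years to exhaust each policy on each hardware class, keyed by (policy, hardware)."""
    return {
        (policy, hw): years_to_exhaust(a, n, rate, s)
        for policy, (a, n) in POLICIES.items()
        for hw, s in SPEEDUPS.items()
    }

if __name__ == "__main__":
    rate = measure_rate()
    print(f"measured single-core rate: {rate:.0f} passphrases/s")
    for (policy, hw), years in report(rate).items():
        print(f"{policy:30s} {hw:18s} {years:12.3g} years")
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, so the work cannot be reused across SSIDs; a 100-fold speed-up shortens every row by the same factor but does not change which policies are out of reach.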

See also:

  • WiFi is no longer a viable secure connection, report by SC Magazine UK
