Page 1:How Secure Is Your Wireless Network?
Page 2:Test Setup
Page 3:Network Security: The First Line Of Defense
Page 4:WEP Is Dead, Haven't You Heard?
Page 5:Understanding WPA/WPA2: Hashes, Salting, And Transformations
Page 6:WPA Cracking: It Starts With Sniffing
Page 7:CPU-Based Cracking: Like Watching Paint Dry
Page 8:GPU-Based Cracking: AMD Vs. Nvidia In Brute-Force Attack Performance
Page 9:Nvidia's Tesla And Amazon's EC2: Hacking In The Cloud
Page 10:Securing Your WPA-Protected Network
CPU-Based Cracking: Like Watching Paint Dry
Wireless Security Auditor: i5-2500k
If the guy trying to get into your network is only armed with a conventional desktop processor, don't fret about the security of your WPA-protected network. Those 16 388 SHA1 transformation invocations really bog down brute-force attacks. While we were able to crack WinZip archives at 20 million passwords per second in our previous piece, we're only able to manage about 5000 against WPA using an Intel Core i5-2500K.
|Total Search Time Search, Assuming 5000 WPA Passwords/Second||Passwords Between 1 and 4 Characters||Passwords Between 1 and 6 Characters||Passwords Between 1 and 8 Characters||Passwords Between 1 and 12 Characters|
|Numbers||Instant||4 minutes||6.5 hours||7.5 years|
|Lower-case||2 minutes||18 hours||1.5 years||662 263 years|
|Alphanumeric (including Upper-case)||52 minutes||140 days||1481 years||Next Big Bang|
|All (Printable) ASCII characters||5 hours||5 years||48 644.66 years||Next Big Bang|
How's this for a sense of futility? There's really no way to brute-force an alphanumeric password longer than six characters using our Core i5 processor. If you're using the entire (printable) ASCII set, a WPA password longer than five characters is reasonably safe.
The calculations above assume you're running WSA in Windows, because the Linux route yields slightly worse CPU performance. Using CoWPAtty and Pyrit, we're down to 3307 passwords per second.
3949.1 PMKs: Pyrit Benchmark on i5-2500k
In the pages to come, we're going to present two numbers from Linux: the result from Pyrit's benchmark command and the figure reported by CoWPAtty using the Pyrit pass-through function. The Pyrit benchmark command is commonly used to highlight GPU performance, but it doesn't figure in the last couple of transformations needed to go from PMK to PTK. There is some overhead there because the PMK-PTK conversion occurs outside of Pyrit.
CoWPAtty and Elcomsoft's Wireless Security Auditor test the speed at which master keys are checked against the PTK information contained within captured packets. As such, those are the real-world numbers you would see in mounting a brute-force attack against a WPA-protected network.
- How Secure Is Your Wireless Network?
- Test Setup
- Network Security: The First Line Of Defense
- WEP Is Dead, Haven't You Heard?
- Understanding WPA/WPA2: Hashes, Salting, And Transformations
- WPA Cracking: It Starts With Sniffing
- CPU-Based Cracking: Like Watching Paint Dry
- GPU-Based Cracking: AMD Vs. Nvidia In Brute-Force Attack Performance
- Nvidia's Tesla And Amazon's EC2: Hacking In The Cloud
- Securing Your WPA-Protected Network