GPUs Used To Crack WiFi Passwords Faster

MojoKid writes "Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0, which can take advantage of both Nvidia and ATI GPUs. ElcomSoft claims that the software uses a 'proprietary GPU acceleration technology,' which implies that neither CUDA, Stream, nor OpenCL are being utilized in this instance. At its heart, what ElcomSoft Wireless Security Auditor does is perform brute-force dictionary attacks of WPA and WPA2 passwords. If an access point is set up using a fairly insecure password that is based on dictionary words, there is a higher likelihood that a password can be guessed. ElcomSoft positions the software as a way to 'audit' wireless network security."

Brute-force password guessing not a problem

[morgan_greywolf]

But brute force-password guessing isn't a problem if you a choose a long enough password with a large enough character set - letters, numbers, symbols. My WPA password is larger than 15 characters. Good luck without a Beowulf cluster of those -- and even then, it better have a LOT of those GPUs.

Re:Brute-force password guessing not a problem

[Anonymous Coward]

My WPA password is larger than 15 characters.

Isn't best practice greater than 32 for WPA? The maximum is 63 I believe.

Re:

[morgan_greywolf]

I hadn't heard that, but a totally random 63 character password would be ideal, yes. Note that I didn't say how much greater it is than 15. ;) But anything over 15 characters is probably secure enough for most home users.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[morgan_greywolf]

In this case I hope you are paying your team of armed guards well and trust that they won't betray you ;)

I have a mote populated with sharks -- with friggin' LASER BEAMS attached to their heads!

Re:Brute-force password guessing not a problem

[ShieldW0lf]

Maybe I'm dense, but how the hell does flooding a wireless card with brute force dictionary attacks bottleneck on computation speed? You create your dictionary, once, you stick it on a hard drive, you stream it at your target through the wireless networking card, you wait.

This product seems like a bunch of bullshit to me. Even if they did come up with some particularly clever algorithm for creating more effective dictionaries and speed it up GPUs, there's no need to recreate a dictionary every time you're doing a brute force attack.

Re:Brute-force password guessing not a problem

[wastedlife]

From the product website:

Elcomsoft Wireless Security Auditor works completely in off-line, undetectable by the Wi-Fi network being probed, by analyzing a dump of network communications in order to attempt to retrieve the original WPA/WPA2-PSK passwords in plain text.

TFA is misunderstanding the way the app functions, it listens to the network until a certain amount of information has been sent, then attempts to decrypt that data locally. Sending wave after wave of login attempts is easily detectable and would almost certainly bottleneck somewhere at the network level before CPU.

Re:

[cbiltcliffe]

Your last guess is pretty close.

You intercept a few packets of data from the wireless network and save them. Then, you bugger off to your evil lair, and set about trying to crack them with your dictionary list.

But the algorithm that WPA uses is non-reversible. It's also run 4096 times.
So to crack it, you take the first line in your dictionary, throw in the network's SSID (this is included for better security. Passphrase: 12345 will hash differently on a network named linksys than it will on a network nam

Re:

[Arabani]

I'm fairly certain the SSID can be sniffed from captured network traffic. MAC filtering and DHCP limits only prevent an attacker from associating with your network (and the former can be circumvented fairly easily); they don't prevent an attacker from eavesdropping. However, if your password is >50 random characters, that will make a dictionary attack extraordinarily difficult.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[skeeto]

No organization on earth is going to be able to brute force a 15 character password (over 98 bits as you mention) made of randomly generated printable ASCII characters. Not for decades.

Even brute forcing 8 characters (over 52 bits) would require a modestly funded organization. Breaking your WPA key just wouldn't be worth the thousands of dollars to do it. It would be much easier to pick your locks while you are away at work and read the key directly from the router's memory.

32 randomly generated printable A

Re:

[secPM_MS]

Strong passwords / keys for WPA is not much of a burden. You only have to enter the damm things once. I use a random 32 character hex string as my key. I wrote it down and stored it in a known location. I also have it stored in an old USB drive in a text file. I have to enter it far more than most people, as I dogfood WIndows releases, flattening my notebook each time. Thus I have to reinitialize it for my home WPA network each time I rebuild it. I am not worrying about brute force attacks against 128 bit k

Re:

[Ihmhi]

I have a question about this. What if the wifi password contains a coherent sentence? Do brute forcers search for specific words in specific orders?

My old wifi password was:

yestheydeservedtodieandihopetheyburninhell!1

Adding some more random symbols and numbers in there would make it stronger, yes. What if it were:

yes!1they@2deserved#3to$4die%5and^6I&7hope*8they(9burn)0in_-hell+=!<>

As you can see, I basically hit Shift and went down the number row between the words. There is very much a recogni

Re:

[plover]

The old (very old) password cracking programs I've played with allow the user to set up rules to guide guesses. You'd fill out a series of patterns, and if possible base them on passwords you know your target has used in the past. For example, I knew a friend commonly substituted digit 1 for letter i, so added a rule of s/i/1/ to the list of modifications to dictionary words. (I eventually found his password was k3rm1t.)

Like most things, the answer of "is your security weaker" is "it depends". You ce

Re:

[Ihmhi]

Well, that's an old one. It has no real effect on what my new password currently is. That thing is like... 2 years old?

The point is, if you didn't know that info - that it's a movie quote, etc. - and you're completely blind, would there really be much of a noticeable difference? Could it be quantified in time necessary to crack it?

To modify that old "make the other guy die for his country" quote, I don't necessarily want to aim to make my wireless secure, just way more secure than my neighbor's. Why hop ont

Re:

[sakdoctor]

Since you generally never have to type a WPA key in, might as well go for maximum entropy.

https://www.grc.com/passwords.htm [grc.com]

Re:Brute-force password guessing not a problem

[Spazztastic]

Since you generally never have to type a WPA key in, might as well go for maximum entropy.

https://www.grc.com/passwords.htm [grc.com]

Or not even using something that is transmitted over the internet and is TRULY random:

dd if=/dev/urandom bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo

Credits go to someone from the Stupid (Useful) Linux tricks thread.

Re:

[Anonymous Coward]

Not to be picky but you would need to use /dev/random and have enough entropy to make this TRULY random (assuming we live in a non-deterministic universe).

Re:

[AlXtreme]

Or not even using something that is transmitted over the internet and is TRULY pseudorandom:

There, fixed that for you.

Re:

[RiotingPacifist]

Or not even using something that is transmitted over the internet and is partly pseudorandom:

There, fixed that for you.

AFAIK, ive only read a few mans here, but urandom will use all the random avalible in random iff it runs out it will use the PRNG to extend it so both of you are wrong

Re:

[morgan_greywolf]

Assuming you have it compiled into kernel, yes. (Most modern distros do)

Re:Brute-force password guessing not a problem

[buchner.johannes]

dd if=/dev/urandom bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo

Don't use that, I use that as a password already!

Re:

[chill]

Who are you really and what type of stunt are you trying to pull here!

chill@E520:~$ dd if=/dev/random bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo

0+1 records in
0+1 records out
8 bytes (8 B) copied, 5.73129 s, 0.0 kB/s
P

chill@E520:~$
chill@E520:~$ dd if=/dev/random bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo
0+1 records in
0+1 records out
8 bytes (8 B) copied, 4.90066 s, 0.0 kB/s
Qd

A password of "P"?! Or a password of "Qd"?!!

[Okay, for those that don't get the humor. The dd command gene

Re:

[Nutria]

The dd command generates 200 binary bytes of random data and the tr command strips out the valid password characters.

So you'd think. But it works for me...

$ dd if=/dev/urandom bs=200 count=1 | tr -cd 'A-Za-z0-9!@#$%^&*()_+'; echo
1+0 records in
1+0 records out
200 bytes (200 B) copied, 0.000290517 s, 688 kB/s
N2^YH+085R!PwMC0VinHSsFP+Zf#GKoyyG#Fs)%QFl9$YOjz$%85dD

Re:

[chill]

Ummmm... you missed my comment about random didn't you. The length output by the command is random. Run it 10 times and see what you get.

Oh, and change the "/dev/urandom" to "/dev/random" for true randomness.

Re:

[RiotingPacifist]

/dev/random is the reason you were getting short keys.
using /dev/urandom about 50 times didnt give any short keys

if you insist on using /dev/random, not really much point as you can just change your keys if the algorithm is found wanting, then you have to check that there is enough entropy "cat /proc/sys/kernel/random/entropy_avail" before you run it

Re:

[ion.simon.c]

/dev/random is the reason you were getting short keys.

Does dd *really* terminate when /dev/random doesn't have enough data to serve? I would have thought that reads on /dev/random would block until it had enough data to serve the request.

Re:

[Nutria]

Ummmm... you missed my comment about random didn't you.

Must have.

The length output by the command is random. Run it 10 times and see what you get.

I got some short ones, just like you. Wiggling the mouse juiced up the entropy, though.

Re:

[Mad Merlin]

I prefer this:

perl -pe 's/[^[:print:]]//g;' </dev/urandom

Re:

[ion.simon.c]

You're not fooling me. You're just interested in discovering the states of our PRNGs!

Re:

[Nutria]

Nothing is random!

Except quantum mechanics. You know, Schrödinger's Cat...

Re:

[Sancho]

Worked on mine. Did you type it in correctly?

$ dd if=/dev/urandom bs=200 count=1 | tr -c -d 'A-Za-z0-9!@#$%^&*()_+'; echo
1+0 records in
1+0 records out
200 bytes transferred in 0.000050 secs (3994575 bytes/sec)
(+ori4d@f5Fvea_g0wOj2c(brCJo1y*!rQlve_kuDjFKYrqm7Fh#s#DfvJ

Re:

[Sancho]

I tried that after reading the man page--I'll admit, I didn't try -cd together.

Re:

[John Whitley]

>> dd if=/dev/random bs=200 count=1 | tr -c -d 'A-Za-z0-9!@#$%^&*()_+'; echo1+0 records in
1+0 records out
200 bytes transferred in 0.000068 secs (2943371 bytes/sec)
tr: Illegal byte sequence

>> printenv LC_CTYPE
en_US.UTF-8

>> (export LC_CTYPE=C; dd if=/dev/random bs=200 count=1 | tr -c -d 'A-Za-z0-9!@#$%^&*()_+'; echo)
1+0 records in
1+0 records out
200 bytes transferred in 0.000054 secs (3711773 bytes/sec)
ntAzlJkArsfaMJXM^0ugwmhHxGiCZ)HVFg@JN4!HOM3tn&pWQ&pu6g

The default locale values on my US mac are "en_US.UTF-8". Per the tr man page on OS X:

ENVIRONMENT
The LANG, LC_ALL, LC_CTYPE and LC_COLLATE environment variables affect the execution
of tr as described in environ(7).

When LC_CTYPE has a UTF-8 encoding, tr requires that the input byte stream be well-formed UTF-8; not all random byte strings adhere to this. In the working example, I set LC_CTYPE to "C", which one can think of as "binary, with no encoding".

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[necro81]

I question the wisdom of relying on a third party website to generate passwords for you. At least they are using ssl but how do you know they aren't keeping those passwords? How do you know they are generating them with real entropy?

If you are worried about it, but still don't want (or for some reason, can't) generate a random character string locally, you could always have the website generate several passwords, then combine them yourself in some random way. For instance, you could swap blocks from eac

Re:

[evanbd]

If you're worried about the source or transmission channel being compromised (or malicious) you've just inserted *several* bits of entropy. A good password needs 64 bits or more if you want to protect against this sort of attack. A presumed compromised source of random data supplies zero bits of entropy. This is really something you need to do on your own machine, if not manually. Rolling dice just isn't that hard.

Re:

[kj_kabaje]

"cleftcamsynodlacyyr" How did they guess my PASSWORD!!??!

Re:

[radish]

For something like a WPA passphrase (it's not really the key) the actual amount of "randomness" isn't important provided whatever you use isn't in whatever dictionary the attacker is using. Once the dictionary attack is exhausted they're going to have to move onto simple one-by-one testing, and being "more random" or "less random" has no real meaning. Eventually they'll hit the right one, it's just a matter of how long that takes, which is a matter of luck and what order they test them in :)

Re:

[evanbd]

Modern guessers start modifying the dictionary and evaluating things in a prioritized order based on how far away they are from it. Until your password bears no visible relationship to the dictionary, you're too close; it's not just a simple in vs out question. If you care about your password, you need to make a serious evaluation of how many bits of entropy it contains, and assume the attacker can guess in a priority order that will limit its effectiveness to that many bits. If you only have 30 bits of

Re:

[radish]

Oh I agree, I think maybe I wasn't clear. Obviously your password has to look *nothing* like anything in the dictionary, that's a given. I was just saying that using one prng vs another slightly more random one won't make a lot of difference. You don't need a cryptographically strong rng for generating a passphrase.

Re:

[DMUTPeregrine]

That said, a cryptographically strong rng won't hurt. KeePass includes one, and is good for storing all those passwords, /dev/random is one if you just need to generate them. When they're that easy to get and use, why not use one?

Re:

[rob1980]

I question the wisdom of relying on a third party website to generate passwords for you. At least they are using ssl but how do you know they aren't keeping those passwords?

To what end, though? Gibson is probably too busy trying to scare everybody with latest_security_hole_02782 to bother to hack into your wireless router anyway.

Re:Brute-force password guessing not a problem

[dubbreak]

You can generate them offline and with a good set of dice you get real entropy.

I think we have a different definition of "good set of dice". My set of dice are "good" if they roll 20's consistently.

Re:

[cbiltcliffe]

I question why the hell anybody needs to have someone/something else generate a random password for them.

Can't you do it yourself? You've got 5 fingers on 1 hand. You've got a second hand. You've got a keyboard.

Just go KJNo867f*P7gP*&%o86fv:(O*& for shit's sake.

Re:

[MasterOfMagic]

Take anything that Steve Gibson claims with at least a grain of salt, preferably a whole shaker [google.com].

This is the same person that flat out accused Microsoft of putting the WMF exploit in Windows purposely so they'd have a way to get into any system. He had to backpeddal quickly from that claim.

Pardon me if I don't trust his judgment or his code.

Re:

[Bert64]

And MS removed raw socket support from SP2.... If it was insignificant, why did they bother removing it?

Re:

[Bert64]

Then why add it in the first place?
There are now some compatibility problems, due to any program designed for win2k or xp pre sp2 which used raw sockets...
And yes, 2k did have it so at least 1 previous version.

Re:

[cbiltcliffe]

And somewhere around that time, Amazon.com and eBay.com were DDoSed.

What's your point?

He's right. DDoS bots do have more power, now. The Internet also has more power. And the script kiddies that were doing DDoS attacks have now moved on to legitimate jobs, or to writing more insidious malware. In the meantime, large scale DDoS attacks seem to have fallen out of favour with the cracker crowd.

But, just because it's not being abused currently doesn't mean it's not going to be abused, or can't be abused.

Re:

[jellomizer]

guessmypassword
123456789111111
012345

isn't a good password.
Most Brute Force attacks are a little smarter then 1,2,3,.....,ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
Lets go threw the dictionary first (Caps on, Caps Off and caps with the first letter and without it).
Lets go threw the dictionary and followed by numbers between 0,99999999
Do the same with the numbers prefix the dictionary word.
Try Numeric Combinations.
Try Alpha Combinations.
Finally try every

Re:

[morgan_greywolf]

guessmypassword
123456789111111
                                    012345

isn't a good password.

That's why you gotta read my whole post -- you need letters, numbers and symbols. Mixed case also. My password is also not based on a dictionary word and means something only to me.

formulas make brute-force password guessing easy!

[Medievalist]

You need letters, numbers and symbols. Mixed case also.

If you follow such a formula black hats know more about your password than if you don't, so their brute force attacks from 10,000 node botnets just got exponentially faster. You made the key space smaller when you eliminated all possible passwords that do not contain letters, numbers, symbols and mixed case.

My password is also not based on a dictionary word and means something only to me.

That's a far better strategy.

Myself, I ignore all "rules" and "formulas" for password generation and use 64 characters or more for important passwords. Until this became possible (I'm old) I always use

Re:

[Anonymous Coward]

Lets go threw the dictionary first ...
Lets go threw the dictionary and ...

Please quit throwing dictionaries. Those things are heavy and they hurt.

Re:

[thePowerOfGrayskull]

Me thinks we need English 2.0 to come out soon. English 1.0 is way too ambiguous.

what r u saying? thru it all it has ben here always. u just need to see it

Re:

[realnowhereman]

Your arithmetic is up the shoot.

64 ASCII characters translates to 128 hex digits.

128 hex digits (four bits each) is 512 bits.

Slashvertisement Alert

[Spazztastic]

ElcomSoft Wireless Security Auditor runs on Windows NT SP4, Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008. The software ordinarily sells for $1,199, but is currently selling at half price ($599.5) until March 1, 2009.

And just in time for getting blogged about!

Time travel

[IceCreamGuy]

Russian-based ElcomSoft has just released ElcomSoft Wireless Security Auditor 1.0...

"Just" released? Like, a month [arstechnica.com] ago? Or was that just the announcement?
I think the key point with all this, though, is just don't use dictionary words in your passwords... for anything... ever. The same company makes software for all kinds of password systems, so just don't do it.

without dictionary words being involved, cracking is still quite intensive: perhaps three months to crack a lowercase-only random eight-character password using a PC with two Nvidia GTX 280 video cards.

Auditions

[Thanshin]

Heavy machine guns!

Audit your neighbors' dodge skills.

Full disclosure

[plover]

People who whine about these being "irresponsible" or "bad for security" always seem to forget that the bad guys may already have written stuff like this and are putting it to use. By publishing this software, it makes everyone aware that it's never safe to turn a blind eye to poor security practices.

If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process.

Re:

[hacker]

"If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process."

Until 3 hours later when THAT password is now cracked.

Lather. Rinse. Repeat.

Re:

[Spazztastic]

"If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process."

Until 3 hours later when THAT password is now cracked.

Lather. Rinse. Repeat.

Or then implement WPA2 enterprise that authenticates against your Active Directory or RADIUS domain with blacklisting against MAC addresses that aren't registered to that user.

Re:

[plague3106]

Great idea! I actually do that. Now, how do I allow my Wii or PSP to use my wireless network?

Re:

[Xabraxas]

Or then implement WPA2 enterprise that authenticates against your Active Directory or RADIUS domain with blacklisting against MAC addresses that aren't registered to that user.

Mac addresses are easily spoofed. RADIUS can also be brute forced. You also have to use IPSec to encypt the RADIUS message and use strong passwords.

Re:

[jcuervo]

Until 3 hours later when THAT password is now cracked.

Hours?

Re:

[Jurily]

People who whine about these being "irresponsible" or "bad for security" always seem to forget that the bad guys may already have written stuff like this and are putting it to use. By publishing this software, it makes everyone aware that it's never safe to turn a blind eye to poor security practices.

Absolutely. However, they also make it easy for casual attackers. Never underestimate a horde of script kiddies with a good script.

Re:

[lysergic.acid]

so should we ban the sale of lock picking kits, books, and locksmithing educational resources? after all, such information can help criminals as much as they help legitimate professionals.

the way to ensure security is to test the system rigorously, not to discourage the testing of such systems. and the best way to facilitate such security auditing is for the security community to share information and penetration testing resources with one another and foster public discourse.

ultimately, this type of brute-f

Re:

[plover]

Never underestimate a horde of script kiddies with a good script.

My point is that horde is acting as the advertisement and providing the impetus for getting the problems fixed. But the problems are never created by the tools, they're just exacerbated by them.

That's why we should celebrate these cracks, and take advantage of them. If my boss sees a news article that says "Hackers crack bad WPA passwords", I know he'll email me asking me to tell him how we generate our passwords. If I say, "I opened the dictionary to a random page and wrote down the first three words

Re:

[kabocox]

If some security manager reads this, goes back to work, and says "OK, change all our WPA passwords, our current ones may not be secure", he will be making a real improvement to his network. He might even be locking out an existing hacker in the process.

Until 10 minutes later the CEO calls the head of IT and has them change the WAP password back to Password1 so he can log in. It's nearly a known fact that managers can't type passwords longer than 8 characters successfully. 16 character or longer passwords b

Re:

[Xabraxas]

Unless, of course he's planning to do something bad, in which case, he would also have to break into the logging system and remove his brute force attempts and fake his mac address among others (which I know is not hard to do). But after all, if something done is that bad, I'm guessing investigators can always check the neighbors in the event of an investigation.

The bruteforce is done offline. The only thing you need to bruteforce WPA is a handshake that you can obtain by sniffing passively. There is no

Re:

[cbiltcliffe]

Remember TJX?

Well, now it doesn't take an idiot admin using WEP to get broken into and 94 million credit card numbers stolen.

Now you can feasibly do it with somebody who's using WPA, too.

Although with a decent dictionary, it's always been possible, but it took longer.

Re:

[plover]

Think of the tools that aren't released for a reason.

Not releasing the tools is why we have such big problems. There are bugs identified all the time, but vendors routinely ignore them or just sit on the patches. That means anyone else smart enough to figure out the bugs can abuse them until the vendor issues the fixes.

The way things effectively get fixed right now is the (good) hackers give advance notice to the vendors, but they also let the vendors know when they're going public with the flaw. When they go public, they have to demonstrate the bug with

I'm confused

[grizdog]

First off, does this kind of approach work against any rationally designed secure software? All that would seem to be needed to defeat this is for the the login procedure to have a few seconds of delay before it responds yes or no, and no speedup in the guessing will help. This is why we have shadow password files, right? Or have I just been using *nix too long?

Also, I've seen people using GPUs in all sorts of non-graphics computation environments for some time now. When push comes to shove, is this j

Re:

[Ciarang]

You're confused because you're thinking in terms of a login system, not encrypted data which you can easily see. (i.e. it's transmitted 'at you')

In simple terms, once you've intercepted some data you can have as many attempts as you like to find the right key to decrypt it.

You're Not Doing it Right

[zwekiel]

If your wireless network encryption key can be cracked by a laptop, you're not doing it right.

Choose a longer key, and for god's sake, don't use WEP.

No reason you have to use things like CUDA...

[Assmasher]

...to run 'generic' GPU applications. They just make things simpler for people not used to working with GPUs. Back in 2005 (can't recall) I wrote a computer vision algorithm (a simple multi-gaussian system) that uploaded live security video as a set of conglomerated images in a given texture size and output motion maps, just using early pixel shaders on an ATI 9700PRO (old even at the time.) It wasn't hard, although faking arrays via textures was a pain in the rear. ;)

Re:

[kreyszig]

...to run 'generic' GPU applications. They just make things simpler for people not used to working with GPUs.

indeed. see gpgpu.org which is mostly focused on using opengl and directx to do this.

This is true but misleading

[Scott Lockwood]

The real problem is using WPA with pre-shared keys - that's what this can really do some damage with. That, and they used it to set up a fake root CA. Um, this is almost a month old. WTF? Slashdot: Where you hear it last!

OpenCL

[Adam Hazzlebank]

I'd say it's particularly unlikely that it's using OpenCL seeing as there are no working implementations yet (unless someone knows better?)

Re:

[Creepy]

To be honest, I doubt it's difficult to write a proprietary shader without a GPU programming language for this since the GPU really only can be used to offload the hash computation (using the PSK and passphrase). The real trick is packing and passing data (say passwords) to that shader for processing efficiently, and that could be done in a variety of ways (e.g. stuffing them in a texture or a vertex buffer object).

The real limitation is probably the network interface once you have an efficient way of gene

Re:

[TubeSteak]

This might be a stupid question... but how come none of these GPU acceleration schemes utilize the shitty onboard graphics that come with many motherboards?

I know that onboard 3D graphics are vastly inferior to a discreet card, but it can't be completely useless.

Re:

[MostAwesomeDude]

Well, it's because these are usually CUDA (nVidia only) or CTM (ATI/AMD only). Onboard chips are almost always Intel or VIA, although both nV and ATI chips are occasionally put onto boards as well.

The good answer is that nobody's written CUDA/CTM/Brook+/OpenCL/etc. support for Gallium yet.

CUDA probably

[DrYak]

Until an implementation of OpenCL is out, CUDA is probably the only other mid-level GPGPU language that can represent byte-oriented binary operations.

(Perhaps using lower-level stuff like ATI's CTM/CAL too, but I'm not used to that).

Re:

[MostAwesomeDude]

My guess is that it was written in GLSL or HLSL, as those are the only shading languages that are high-level and that work on both ATI/AMD and nVidia offerings. (For now.)

Generating Passwords

[KiwiCanuck]

Isn't there a way of taking a prime number and converting it to ascii? I'm not a software guy, so I use to go to computer services (when I was in uni) and get them to generate a password for me. I have accumulated 8 passwords. Now I just rotate through them. Is this a good idea? Cheers for any advice.

Elcomsoft?

[tsstahl]

How many of their employees are going to get arrested [wikipedia.org] for this one?

Great Program

[JimmyRay_TWTV]

I tested this program for a upcoming show and I really liked it. The cost is high for most regular folks, so it is geared more towards Government/Commercial. For a nice open source option, I also recommend Pyrit. I had a few issues importing Aircrack files, but most of those have been resolved.

Brute Force?

[Fnord666]

... does is perform brute-force dictionary attacks of WPA and WPA2 passwords.

I tried using a non brute force dictionary attack on an encryption key once. I just tried every third word in the dictionary. It didn't seem to work as well as trying them all. In other words, there are brute force attacks and there are dictionary attacks, but there are no brute force dictionary attacks.

Re:

[Zironic]

A brute force dictionary attack tends to run through the entire dictionary with various prefixes,suffixes, numbers, capitalizations and even word combinations.

Re:

[nobodylocalhost]

Sure there is.

for example, your dictionary has

12345678
password
helloworld
computer

now you tested those passwphrase using a dictionary attack and they failed. So you know for sure these are not the passphrase. They can then be removed from the brute force efforts so you don't test the same thing twice.

GPL-licenced implementation

[Zayin]

May I suggest adding a reference to the GPL-licenced software pyrit [google.com] in the summary? It might be useful for people to know that a) Elcomsoft is not the first to implement this and b) a free software implementation exists (currently only for NVIDIA, but they are planning ATI support).

I've got a set of lockpick tools

[Locke2005]

I use them to "audit" my neighbor's front door security.

Ok, so now tell me who the real target customer for this product is.

just prehash them instead

[RiotingPacifist]

CoWPAtty can already do 18,000 keys/s , while this might help in generating the hashes its probably worth working out a hash table for your victim the night before anyway.

There, fixed that for you...

[Giant Electronic Bra]

ElcomSoft positions the software as a way to 'audit' wireless network security."

ElcomSoft positions the software as a way to 'audit'your neighbor's wireless network security."

Not using CUDA or Stream?

[nog_lorp]

CUDA and Stream *ARE* proprietary...

Re:

[raftpeople]

One of their tech guys was on the CUDA programming forum, so I assume they used CUDA for NVIDIA. Not sure why the article assumes that the "proprietary process" assumes the interface language is proprietary. I assumed it meant their method/algorithm was proprietary (given the fact that they patented it, they probably want to make it seem unique).

Re:

[click2005]

Patrick Mcgoohan (The Prisoner's Number 6) died too.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[plague3106]

What's illegal about it? If you're using it against your own network to test the strenght of your settings, I see nothing wrong with that. The question isn't why can they sell this legally, but why WOULDN'T they be able to do so? Given that any tool can always be used in bad ways, I don't think that should be enough to outlaw the tool itself.

It counts as a tool, like a hammer or pocketknife.

[Medievalist]

they can legally sell this because...

They live in a culture that has more commercial freedom than yours, apparently. Given that they are in Russia, that's a sad commentary on wherever you live.

why? just because they claim to be an 'auditor' means they can profit from a cracker?

Because it's a tool. You can cave people's heads in with a hammer, you can assassinate the pope with a kitchen knife. They are tools, they have no moral dimension. Even a thumbscrew can be used for moral purposes, such as a doorstop that keeps cute fuzzy puppies from running on to train tracks.

Effective tools amplify your ability to do things you want to do. They don't make it necessary or possible for you to commit crimes; your will and your circumstances are what makes you a criminal.

I have used wifi crackers to audit networks in my workplace with the full knowledge of my employer. I have never used one to commit a crime, ever. It's just a tool.

Re:

[dsanfte]

Effective tools amplify your ability to do things you want to do.

Problem is, that's why gun control works. A gun turns a violent impulse at a bar from a beating into a shooting. Fewer guns statistically, fewer beatings turn into shootings. As long as the gun control is effective and not just punishing law-abiding users, of course.