Hackers Use Nvidia GPUs to Crack WiFi

[HaZ]

Most people grumble and complain about the high cost of top end GPUs. Now it appears that these GPUs are cost-effective ways to breach wireless network encryption.
Russian Hackers reportedly broke through WPA and WPA2 encryption using a brute force attac

Hackers Use Nvidia GPUs to Crack WiFi : Read more

 

[apache_lives]

it obviously wasnt a defective G84/86

 

[hannibal]

Well ATI 4870 and NVidia 280 has so much prute force, that this is somewhat possible... Can anyone see that there will be regulations that CPU's and GPU of certain power may not be available to common citicen, because of their decryption power? ;-)

Well, it can not happen! Can it?

Orwel 1984

 

[crystal_tech]

look into fold@home and think if someone tuned an app for bruteforce. "yea i can break that encryption no prob let me boot up my grid"

 

[manwell999]

brute forcing 128 bit encryption means searching a key space of 340282366920938463463374607431768211456 possibilities.

If a gtx280 could do 1.2 tera keys per second, which is it's theoretical ops per second. Then it will take an average of 8985747937130265067 years to crack a 128 bit key by brute force.

This article should be taken with a grain of salt.

 

[Guest]

Dictionary attack isn't unthinkable, you'd be surprised how stupid passwords companies keep.

 

[daskrabbe]

Maybe, but if you sli two of them, it is only half of that!

 

[zenmaster]

[citation][nom]shinobi1233333333[/nom]Dictionary attack isn't unthinkable, you'd be surprised how stupid passwords companies keep.[/citation]

I worked as a consultant for a few months with a massive federal agency.
The Passwords for all Cisco routers were ........... "cisco".

Administrative IDs/PWDs for different systems were stored in clear text on LDAP servers available via Anonymous Access so they could be retrieved easily if an admin forgot them.

Scary is all I can say.
I ceased trying to add them after a couple months and moved on because they had no interest in actually even acknowledging all the problems I was hired to locate.

Needless to say, those couple items were only the very tip.

While if a hack was found, that is scary.
What is scary in my mind, are the folks who manage many networks.
(and not just small ones.)

 

[Shadow703793]

[citation][nom]manwell999[/nom]brute forcing 128 bit encryption means searching a key space of 340282366920938463463374607431768211456 possibilities.If a gtx280 could do 1.2 tera keys per second, which is it's theoretical ops per second. Then it will take an average of 8985747937130265067 years to crack a 128 bit key by brute force.This article should be taken with a grain of salt.[/citation]
True. Agreed. But the following comment makes sense compared to brute force:
[citation][nom]shinobi1233333333[/nom]Dictionary attack isn't unthinkable, you'd be surprised how stupid passwords companies keep.[/citation]

Just for lolz my school still runs on WEP!

 

[smalltime0]

[citation][nom]manwell999[/nom]brute forcing 128 bit encryption means searching a key space of 340282366920938463463374607431768211456 possibilities.If a gtx280 could do 1.2 tera keys per second, which is it's theoretical ops per second. Then it will take an average of 8985747937130265067 years to crack a 128 bit key by brute force.This article should be taken with a grain of salt.[/citation]
I agree, however if you consider the number of combinations that would actually be used to create the key (i.e. take out 11111...) that number will be significantly less.

 

[Guest]

SLI & Crossfire are not used for GPGPU aps; using Gx2 style cards you can currently put up to 8 graphics chips to work in a mini farm capable of nearly 8 teraflops from a single computer for less then $2k - outworking hundreds of high end cpu based machines with ease. Since CUDA uses a basic form of C++ anyone (given enough time) can develop an app to take advantage of this paradigm shift in computing power available to the general public.

 

[Guest]

WEP and WPA networks have been cracked before with just ordinary computers, in the likes of singlecore P4 and dualcores.
WEP cracking seems to only take a few minutes.
WPA cracking can be done over night.
to say that it takes many years, is only when the code is the last possible code of the 340282366920938463463374607431768211456 possibilities.
More likely you can cut that number in half, or even less.
In fact most codes use regular passwords, combined with numbers.
I yet have to find a user encrypting his network with a password in the likes of this: "@&*''. %&*" or something...
I have heard of people cracking WPA networks overnight, or doing 2 days to finish it.
By that they open multiple channels at once. Often routers with 1Gbit connection can be cracked 10x faster as routers with only 100 or 54Mbit connection.

 

[avi85]

It's actually a company and they are selling the software...
http://www.elcomsoft.com/edpr.html?r1=pr&r2=wpa

 

[daskrabbe]

There is no way AES was broken by a normal brute force attack. It is just a speedup(100x seems alot, what is it compared to?) of a dictionary attack which means we should think about what passwords we choose.

 

[wh3resmycar]

question is, where they able to run crysis? lol

 

[Guest]

There may be that many possibilities in total but their may be mitigating circumstances.

There may be a way to use wrong attempts to eliminate large blocks of possible combinations, or to help confirm details of the correct key.

Where this may not technically be a brute force attack, it would not be a dictionary attack either.

 

[daskrabbe]

[citation][nom]blackz06vette2[/nom]There may be that many possibilities in total but their may be mitigating circumstances. There may be a way to use wrong attempts to eliminate large blocks of possible combinations, or to help confirm details of the correct key.Where this may not technically be a brute force attack, it would not be a dictionary attack either.[/citation]

If this is true, then someone has broken AES, which would be a huge surprise to cryptographers across the world. But it would have nothing to do with nvidia or gpgpu.
Tell me when you get a copy of this breakthrough research paper.

 

[Freiheit]

I'd say it's unlikely this was a brute force attack against the keys, but more likely it was a brute force dictionary attack. The problem also lies with the wireless equipment used -- was it high-end stuff or home network stuff? WPA is supposed to allow for 64 character passwords, but for instance the Actiontec router I bought for my home cuts off the password after 20 characters. Since a "good password" is at least 20 characters, this means I can at best have a mediocre password and cannot, for instance, use the Perfect Passwords feature over at grc.com.

 

[Guest]

http://www.smallnetbuilder.com/content/view/30114/98/1/3/

This is an article from SmallNetBuilder posted by Tomshardware 6 or 7 months ago. It allows breaking standard WEB networks in a few hours. It works great.

This solution isn't brute force, rather it takes advantage of a security flaw in the way the host and the router talks to each other. (Every once in a while a small part of the real key is sent across the link.)

 

[daskrabbe]

[citation][nom]Freiheit[/nom]I'd say it's unlikely this was a brute force attack against the keys, but more likely it was a brute force dictionary attack. The problem also lies with the wireless equipment used -- was it high-end stuff or home network stuff? WPA is supposed to allow for 64 character passwords, but for instance the Actiontec router I bought for my home cuts off the password after 20 characters. Since a "good password" is at least 20 characters, this means I can at best have a mediocre password and cannot, for instance, use the Perfect Passwords feature over at grc.com.[/citation]
Still gives you ~10^30 possible passwords, which should be more than enough if you choose your password properly.

 

[igot1forya]

In the case of a VPN, any admin with a good sense about him would discover the DoS-like performance hit his VPN tunnel is getting and create an ACL to block the attackers source address. Besides, you could easily setup an ACL to block repeated failures anyways. If the brute force (or even dictionary attack) makes more than 10 failed attempts the ACL would lock out the offending IP address. No mater how efficient or fast the algorithm is, an ACL can nullify the attackers connection. It would be simpler to physically steal the server your breaking into than to get around the ACL protecting it. Chances are, most admins would not have these ACLs setup in the first place, however.

 

[Shadow703793]

^Exactly.

 

[Guest]

Just look at the guys who used some educational lpga's to crack RFID encryption, it only took them 2-4 days to crack encryption with an array of 6 units running parralel. They added 8 more and said within less then 16 hrs it had increased the speed at which to subverte any encryption thrown at it. This isn't theoritcal anymore. Those in the know have heard about the guys/girls who call themselves SkyNet, the project using quadcores to break any encryption routines in less then 20minutes is the goal.

 

[kamkal]

as someone mentioned, cut the bastards off after try #3

 

[kamkal]

[citation][nom]manwell999[/nom]brute forcing 128 bit encryption means searching a key space of 340282366920938463463374607431768211456 possibilities.If a gtx280 could do 1.2 tera keys per second, which is it's theoretical ops per second. Then it will take an average of 8985747937130265067 years to crack a 128 bit key by brute force.This article should be taken with a grain of salt.[/citation]

brute force isn't happening anytime soon hehe