Best Configuration for optimal cracking
#1
Hi All,

This is my first post, so apologies if the question is too trivial. I have been asked to evaluate OCLHashcat plus for cracking wifi passwords. The layman requirement would probably be to run a brute force attack against possible password combinations. I would like to evaluate against passwords of varying strength of length >8 and < 32.

My question is what would be an optimal configuration? I would like to use a GPU cluster, but the question then again is which make and how many? Is it better to use say 2 GPUs of a much better make (and more expensive) as compared to say 10 cheaper GPUs? Has anybody tested it on a larger scale (say > 8 GPUs) and what has been the experience?

I know a faster cracking would mean an expensive setup. I have some sort of a grant and I think budget should not be a big issue (within reasonable limit, I won't want a budget of USD100K!!). Is there a possibility of a decent config which can help me crack passwords (8 to 32 chars) in less than say 6 hours??? Something like-

http://arstechnica.com/security/2012/12/...n-6-hours/

Sorry for too many questions but I would like a good starting point so as to plan it out.

Thanks
Mac
#2
WPA is not LM or NTLM. What you are asking is practically impossible. You would need 2,362,609 Radeon 7970 GPUs to brute force WPA length 8 in less than 6 hours. And as brute force has exponential time complexity, you would need 570x more 7970s to brute force length 9.
#3
(08-26-2013, 10:20 AM)epixoip Wrote: WPA is not LM or NTLM. What you are asking is practically impossible. You would need 2,362,609 Radeon 7970 GPUs to brute force WPA length 8 in less than 6 hours. And as brute force has exponential time complexity, you would need 570x more 7970s to brute force length 9.

Thanks for the reply. My next question would then be, how to make a "reasonable" cracking system? Is the tool only efficient if we crack against a predetermined list of 'popular' passwords? I am sorry but I am just trying to understand the usage scenario of OCL hashcat plus.

Thanks again

Mac
#4
Yes, wordlist-based attacks and very small rule-based attacks are the only practical attacks you can run against WPA. WPA is a solid algorithm.
#5
(08-26-2013, 10:29 AM)epixoip Wrote: Yes, wordlist-based attacks and very small rule-based attacks are the only practical attacks you can run against WPA. WPA is a solid algorithm.

Thanks epixoip. Then what I believe is that in a "practical usage" scenario, in a security conscious world, wherein most users would start keeping a "strong" password, the cracking becomes impractical.

If I take all the possible passwords for 8 digit, I get 95^8, which is a huge number. I don't think I can get a reasonable word list for that :)

Having said that I do understand that everything depends on the quality of word list I have.

Do we have any kind of "database" and some "test results" run against that? Analysis like PMKs/s so I may get a good idea of what I can achieve and tone down my expectations accordingly?

Your help is much appreciated.

Mac
#6
A single Radeon 7970 can pull about 130 KH/s on WPA with oclHashcat-plus, which is much faster than aircrack-ng's pre-computed tables.

Yes, your success cracking WPA is entirely dependent upon the quality of wordlists that you have. In a security-conscious world, yes, cracking becomes impractical. Thankfully we do not live in a security-conscious world! But even a fairly insecure password by modern standards is relatively safe with WPA. You might also get lucky and have a device which uses a factory password or default password. There are certain tricks that can be used for e.g. ATT Uverse routers.

I sent you a PM by the way, don't know if you saw it since you are likely not yet familiar with the forum.
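The figures quoted in this thread can be checked from a passphrase-strength point of view. The following is an added example, not code from any poster or from the hashcat project: it derives the WPA/WPA2-PSK master key with the standard PBKDF2-HMAC-SHA1 construction (4096 rounds, SSID as salt) and sizes the exhaustive-search cost using the 130 KH/s per Radeon 7970 figure from post #6 and the 95-character set from post #5. All function names are hypothetical.

```python
import hashlib

WPA_ITERATIONS = 4096      # PBKDF2 rounds fixed by WPA/WPA2-PSK
RATE_PER_GPU = 130_000     # guesses/s per Radeon 7970, figure quoted in post #6
CHARSET = 95               # printable ASCII, as used in post #5
MIN_LEN, MAX_LEN = 8, 63   # valid WPA/WPA2-PSK passphrase lengths


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PMK. The SSID is the salt, so work done for one
    network name cannot be reused against a differently named network."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(),
                               WPA_ITERATIONS, 32)


def gpus_needed(length: int, hours: int, charset: int = CHARSET,
                rate: int = RATE_PER_GPU) -> int:
    """GPUs required to try every passphrase of `length` within `hours`."""
    per_gpu = rate * hours * 3600
    return -(-charset ** length // per_gpu)   # integer ceiling division


def years_single_gpu(length: int, charset: int = CHARSET,
                     rate: int = RATE_PER_GPU) -> float:
    """Years one GPU needs to exhaust the keyspace at the assumed rate."""
    return charset ** length / rate / (365 * 24 * 3600)


def shortest_safe_length(gpus: int, hours: int, charset: int = CHARSET,
                         rate: int = RATE_PER_GPU) -> int:
    """Shortest random passphrase whose keyspace outlasts the given budget."""
    capacity = gpus * rate * hours * 3600
    for length in range(MIN_LEN, MAX_LEN + 1):
        if charset ** length > capacity:
            return length
    raise ValueError("budget exceeds every valid WPA passphrase length")


if __name__ == "__main__":
    # Constructed sample inputs; the SSIDs and passphrase are made up.
    print(wpa_pmk("correct horse battery", "ExampleNet").hex())
    print("GPUs for length 8 in 6 h:", gpus_needed(8, 6))
    print("Years on one GPU, length 8: %.0f" % years_single_gpu(8))
    print("Length that outlasts that fleet:", shortest_safe_length(2_362_609, 6))
```

These estimates cover only a uniformly random passphrase; a passphrase that appears in a wordlist falls to the wordlist attack described in post #4 regardless of its length.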