Brute forcing 5-12 character WPA in practice?
#1
Hi folks,

I've been tasked with setting up a system to test the strength of WPA/WPA2 passwords, and I have a budget of a few thousand dollars to build something.

A remote user will (using besside-ng, for example) grab WPA handshakes, then upload them to whatever system we build, which will attempt to crack them.

I have a few basic questions about getting started.

1. Is hashcat (or oclhashcat) the best tool for the job? (cracking WPA/WPA2 handshakes).

2. Is building a desktop/server system with multiple video cards truly the best solution? As opposed to using traditional servers (like a Dell rack server, as we have several of these in the datacenter that could be repurposed already).

3. Another option is running a small cluster on EC2. Does anyone do this with hashcat, is it practical?




Thanks for your time.
#2
It's the fastest, I don't know about best.

Generally yes. You could distribute work across multiple systems with a few cards but it would require quite a bit of work. Also, standard rack mount chassis will probably not have enough air flow to properly cool the cards.

You could, people have done it, but Tesla instances are 2.10 an hour I think? The speed you get from that is terrible as well.
#3
(01-09-2014, 03:20 AM)futant Wrote: 1. Is hashcat (or oclhashcat) the best tool for the job? (cracking WPA/WPA2 handshakes).

Without question.

(01-09-2014, 03:20 AM)futant Wrote: 2. Is building a desktop/server system with multiple video cards truly the best solution? As opposed to using traditional servers (like a dell rack server, as we have several of these in the datacenter that could be repurposed already).

It is if your budget is that small. Your Dell servers cannot handle high-end GPUs. If you wanted to go the server route, you would need a specially-designed GPGPU server chassis that can handle AMD Radeon GPUs. There are only maybe four chassis out there that work really well for this.

(01-09-2014, 03:20 AM)futant Wrote: 3. Another option is running a small cluster on EC2. Does anyone do this with hashcat, is it practical?

Not a good idea. Too expensive, hardware sucks, performance sucks.
#4
first
#5
son of a bitch
#6
Thanks for the information, guys. I have a few more questions if you don't mind.

1. What kind of machine is necessary to crack, say, 95% of WPA handshakes in a single day or less, if I am only cracking one at a time? Even one that has a very non-dictionary passphrase. Is this even theoretically possible? Are some WPA passphrases actually uncrackable in a practical time frame?

2. Does anyone offer cracking on high-end hardware in some automated fashion? I used cloudcracker.com one time, but it did not crack my passphrase using a 46m word dictionary and it cost $17 for a single attempt. Is anyone else doing this, but way better/more affordable?
#7
There's no way to estimate that because it depends on the length. If you knew the structure of each, you could get a ballpark of the maximum running time.

There have been places that have done it, but most don't stick around long as it's not incredibly profitable. Also, legitimate users would probably not trust their hashes without strict NDAs. If they went the slightly more shady route and just accepted whatever, PayPal accounts wouldn't stay open for long due to fraud.

That being said, you may find a PM from some people on the forum that would be willing to jump through those hoops.
#8
I'm curious if anyone has any reasonable time estimates for actual brute force of a WPA passphrase that is between 5-12 characters and is mixalphanumeric, on any kind of hardware that is in use in practice here?

What kind of systems have been built for brute force cracking? I'm curious about specs.
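
An added example, not part of any post in this thread: a worst-case estimator for the "ballpark of the maximum running time" mentioned in #7, applied to the 5-12 character mixalphanumeric case asked about in #8. The function names and the `ASSUMED_RATE` figure are constructed placeholders (not a benchmark); WPA/WPA2 passphrases are 8 to 63 characters, so lengths 5-7 are skipped.

```python
import hashlib
import string
import time

WPA_MIN_LEN, WPA_MAX_LEN = 8, 63                 # valid WPA/WPA2 passphrase lengths
MIXALNUM = string.ascii_letters + string.digits  # 62 symbols
ASSUMED_RATE = 100_000  # guesses/sec: constructed placeholder, not a measured benchmark


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK key: PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def measure_local_rate(samples: int = 20) -> float:
    """Single-thread candidates/sec on this CPU; every guess costs one derive_pmk."""
    start = time.perf_counter()
    for i in range(samples):
        derive_pmk(f"candidate{i:03d}", "example-ssid")  # constructed inputs
    return samples / (time.perf_counter() - start)


def worst_case_days(min_len: int, max_len: int, charset_size: int, rate: float) -> dict:
    """Map length -> days to exhaust all candidates from the shortest valid length up to it."""
    days, total = {}, 0
    lo, hi = max(min_len, WPA_MIN_LEN), min(max_len, WPA_MAX_LEN)
    for length in range(lo, hi + 1):
        total += charset_size ** length
        days[length] = total / rate / 86_400
    return days


def first_length_beyond(budget_days: float, charset_size: int, rate: float):
    """Shortest passphrase length whose exhaustive search exceeds budget_days."""
    for length, d in worst_case_days(WPA_MIN_LEN, WPA_MAX_LEN, charset_size, rate).items():
        if d > budget_days:
            return length
    return None


if __name__ == "__main__":
    for label, rate in (("this CPU, 1 thread", measure_local_rate()),
                        ("assumed rig", ASSUMED_RATE)):
        print(f"{label}: {rate:,.0f} guesses/sec")
        for length, d in worst_case_days(5, 12, len(MIXALNUM), rate).items():
            print(f"  up to {length:2d} chars: {d:,.0f} days")
```

Replace `ASSUMED_RATE` with a figure measured on your own hardware; `first_length_beyond` then gives the minimum passphrase length a policy should require for a given time budget.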
#9
Don't make new posts when the conversation can clearly be carried out in the OP.
#10
Apologies, thanks for moving the thread.