Archive for the ‘Industry News’ Category

New sweeping WPA Cracker & its alternatives

Tuesday, December 8th, 2009

It’s a well-know fact that WPA-PSK networks are vulnerable to dictionary attacks, though one cannot but admit that running a respectable-sized dictionary over a WPA network handshake can take days or weeks.

A low-cost service for penetration testers that checks the security of wireless networks by running passwords against a 135-million-word dictionary has been recently unveiled. The so-called WPA Cracker is a cloud-based service that accesses a 400-CPU cluster. For $34, it can run a password against all 135 million entries in about 20 minutes. Want to pay less, do it for $17 and wait 40 minutes to see the results.

Another notable feature is the use of the dictionary that has been set up specifically for cracking Wi-Fi Protected Access passwords. While Windows, UNIX and other systems allow short passwords, WPA pass codes must contain a minimum of eight characters. Its entries use a variety of words, common phrases and "elite speak" that have been compiled with WPA networks in mind.

WPA Cracker is used by capturing a wireless network's handshake locally and then uploading it, along with the network name. The service then compares the PBKDF2, or Password-Based Key Derivation Function, against the dictionary. The approach makes sense, considering each handshake is salted using the network's ESSID, a technique that makes rainbow tables only so useful.

Everything seems to be perfect, but for the fact that there exists another alternative to crack WPA passwords which allows to reach the same speed. Just instead of installing a 400-CPU cluster, it’s possible to set 4 top Radeons or about two Teslas and try Elcomsoft Wireless Security Auditor.

Elcomsoft Wireless Security Auditor: WPA-PSK Password Audit

More on Radeon HD 5000

Thursday, September 10th, 2009

Tom’s Hardware is a really good source we can definitely trust, so if you need more details on Radeon HD 5000-series cards (specifications and prices) that are coming soon, just read:

Best Graphics Cards For The Money: September ’09

Update (Sep 16th): GT300 could outperform the Radeon HD5870

Update (Sep 22nd): ATI Radeon HD 5870 pricing and specs list revealed

Update (Sep 23rd): ATI Radeon HD 5870: DirectX 11, Eyefinity, And Serious Speed

AMD vs NVIDIA, next round

Wednesday, September 9th, 2009

Looking for new password cracking hardware (to take advantage of GPU acceleration)? Wait just a little bit more: new ATI and NVIDIA cards (with DirectX 11) will be available soon.

ATI is going to release Radeon HD 5000 cards (5850, 5870, 5870 X2) in October — well, hopefully. The top one (HD 5870X2: single-PCB, dual-GPU) will retail for $599.

As for NVIDIA’s new GT300, the specifications were revealed in April. In brief, it groups processing cores in sets of 32 (up from 24 in GT200) — up to 512 cores total for the high-end part. If the clocks remain the same as on GT200, that will double the overall performance. And there are other improvements as well: e.g. GT300 cores rely on MIMD-similar functions. Some fresh information about GT300 availability:

You may ask — what about Intel? Well, new Core i5 and i7 (codename Lynnfield) now available. Nothing revolutionary new, just Intel P55 Express Chipset support: integrating both a 16-lane PCI Express 2 graphics port and two-channel memory controller on a single chip (previous chipsets required separate northbridge and southbridge), as well as several minor improvements. More information and some benchmarks at Intel Lynnfield; Core i5 750 and Core i7 870 Evaluation and New Intel Core i5, i7 Processors Product Matrix.

And still [almost] noting about Intel Larrabee, mostly just rumors:

Finally, funny article: NVIDIA to Intel: Your Days Are Numbered 🙂
 

Intel Larrabee, AMD Llano: when?

Tuesday, June 23rd, 2009

According to NordicHardware, Sapphire Or Zotac Might Launch Larrabee. No further information on Larrabee yet, though; as we already wrote, the Larrabee lauch date is set to 2010. The only news from Intel so far is about i3, i5, i7 CPU naming system: Lynnfield, Clarksfield, Arrandale, Clarkdale; besides, Intel plans shipments of 32nm ‘Clarkdale’ in Q4.

What about ATI? Nothing really new so far; but here is some info on Llano chip; also, in AMD blog, and at Tom’s Hardware: ATI Stream: Finally, CUDA Has Competition.

AMD Phenom II 42 TWKR Black Edition is the new black

Friday, June 19th, 2009

The world is waiting for the specifications of currently most powerful processor – AMD Phenom II 42 TWKR Black Edition aka Formula 1. They say it has an unlocked clock multiplier for ease of overclocking, though consumes 200W and thus requires good cooling. One of the pictures on the website of Maingear PC founder and CEO (Wallace Santos) has a not-for-sale-note which caused a gossip that the new processor is not meant for retail, but probably for direct selling from AMD to “extreme enthusiasts”.

So, let’s wait together for a detailed description. 🙂

The smallest password cracking device

Tuesday, June 9th, 2009

We wrote about the new iPhone last week, but these we only rumors. And now it is officially announced (on WWDC); the sales will start on June 17th (in the U.S.). Additional information is available at Apple web site: general and about iPhone 3.0 software update. But unfortunately, still no tech specs of its GPU; according to the above article, Maybe there is some truth to the rumors that Apple is using OpenCL. If that’s true, there will be (technical) ability to crack passwords on it, and the speed should not be disappointing.

News from the other side: Intel could Atomise handsets in two years. An era of portable password crackers is coming 😉

Did You Change Your Password on a Happy ‘Change Your Password Day’?

Monday, June 8th, 2009

 

Password management has got government support and the status of the national initiative in Australia. The National E-security Awareness Week is held from 5-12 June this year. A series of events and workshops take place across Australia to raise awareness of e-security risks.

In the interview to ABC radio, Australian Communications Minister Stephen Conroy urged to use stronger passwords and update them regularly. He recommended passwords that are 8 or more characters long, including lower- and upper-case characters, one digit and one special symbol. Passwords should be updated at least twice a year.

We welcome the Australian initiative to raise awareness of secure passwords. In the recent years we at ElcomSoft have been trying to draw attention to the fact that both individuals and businesses have to rethink passwords they use. Password recovery techniques have developed much thanks to growing potential of parallel computations and supporting architectures, cheaper graphic adaptors’ prices and constant cryptographic research.

We recommend changing your password every 3 months. Do not forget that for applications with 40-bit encryption (e.g.MS Office 97/2000) 8-character passwords are not enough. Never use any personal data or dictionary words for your password. Read our white papers to learn more about password strength.