Breaking Wi-Fi Passwords with NVIDIA Ampere

April 12th, 2021 by Oleg Afonin
Category: «Elcomsoft News», «General», «GPU acceleration»

The supply of NVIDIA’s latest and greatest RTX 3000 series boards remains scarce due to production shortages and increased demand from gamers and cryptocurrency miners. That didn’t stop us from giving these cards yet another purpose: breaking Wi-Fi passwords.

The update to Elcomsoft Wireless Security Auditor added support for NVIDIA’s latest generation RTX video cards. But why do you need a video card to audit your wireless network?

The answer is… security. Wi-Fi passwords have a minimum length of 8 characters as mandated by the WPA2 standard. Brute-forcing even the shortest acceptable passwords with a CPU alone is painfully slow, making the effort unfeasible – just as the WPA2 standard developers wanted.

To solve the issue, we have two solutions working together. First, we are using the massively parallel GPU cores to perform computationally intensive calculations instead of the CPU. In other words, we’re using consumer-grade video cards made by AMD and NVIDIA to accelerate the recovery up to 500 times compared to a CPU alone.

Back to NVIDIA Ampere: how fast is fast? In our tests, a single NVIDIA RTX 3090 card (don’t ask how we managed to lay our hand on a sample) was able to crunch some 1.2 million Wi-Fi passwords per second. This is a massive performance increase compared to the previous champion, the famous NVIDIA GeForce GTX 1080, with its 334,000 passwords per second, and a huge win over CPU-only attacks.

Even 1.2 million passwords a second is not fast enough when it comes to passwords longer than 8 characters. This is why we complement GPU acceleration with smart attacks. These attacks target the human factor, and are based on dictionary words, lists of common and leaked passwords. By combining words from the dictionaries with smart mutations (modifications to the words from natural languages frequently made by the users), we can quickly effectively discover weak, insecure passwords with inadequate protection.

Elcomsoft Wireless Security Auditor is an integrated, all-in-one solution for auditing wireless networks. The tool integrates everything you need to pentest a wireless network from a Wi-Fi sniffer to highly sophisticated, GPU-accelerated attacks. The wireless sniffer uses a custom NDIS driver developed by Elcomsoft to enable the use of many general-use Wi-Fi adapters. Should you need higher reliability than a general Wi-Fi adapter can provide, you can use a dedicated AirPCap adapter. The built-in Wi-Fi sniffer allows automatically intercepting wireless traffic to save Wi-Fi handshake packet and perform an accelerated attack on the original WPA/WPA2-PSK password. Read more about using the tool for intercepting wireless traffic at Elcomsoft Wireless Security Auditor Gets Wi-Fi Sniffer.

When attacking wireless passwords, Elcomsoft Wireless Security Auditor employs a fast preliminary attack as the first step. This attack is specifically targeted to reveal common or weak Wi-Fi passwords in a matter of minutes. After that, you can run all kinds of highly sophisticated attacks supported in our flagship password recovery tool, Elcomsoft Distributed Password Recovery.



Elcomsoft Wireless Security Auditor

Audit security of your wireless networks and recover WPA/WPA2 passwords with Elcomsoft Wireless Security Auditor. In addition to the CPU-only mode, the new wireless password recovery tool features a patented GPU acceleration technology to speed up password recovery. Elcomsoft Wireless Security Auditor targets the human factor with smart attacks, combining dictionary attacks with an advanced variation facility. The tool accepts standard tcpdump logs supported by any Wi-Fi sniffer.

Elcomsoft Wireless Security Auditor official web page & downloads »