Upcoming Black Hat Talk

Because of the huge media coverage of my upcoming talk “Breaking encryption in the cloud: GPU accelerated supercomputing for everyone” at Black Hat DC, I want to make sure that no one gets a wrong impression of what I’m going to demonstrate:

Back in November last year (happy new year, by the way) I did a very simple benchmark using the CUDA Multiforcer to get a basic idea of how Amazon’s new ‘cluster GPU instances’ perform when it comes to brute-forcing passwords that are stored as SHA-1 hashes. Because I was very interested in doing some work in this direction, I decided to start programming a tool that is able to start up instances on the Amazon EC2 cloud and use them to crack encryption in a distributed way. The possibility of doing so is nothing new: Moxie Marlinspike, a hacker/sailor/pyrotechnician, runs a service called WPACracker that can be used to crack WPA-PSK handshake captures using several very large dictionaries on a 400-CPU cluster running on the Amazon cloud. Even though this process is pretty fast (around 20 minutes), I wanted to know how much speed, at what cost, we can get using the latest generation of cloud instances.

The results of my work and the tool I developed will be released as part of the talk, so that everyone will be able to start their own cluster in the cloud and get an impression of what can be done with the latest high-performance computing possibilities. To give you an idea of what I mean by high performance: I’ll demonstrate how to break a WPA-PSK handshake at a speed of ~400.000 PMKs/s, and maybe (if I get it finished by then) at a speed of over 1.000.000 PMKs/s.
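To make the quoted PMKs/s figure concrete, here is an added example (not code from the post or from the tool it announces) that derives a WPA/WPA2-PSK pairwise master key the way IEEE 802.11i specifies it (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 256-bit output) and then estimates how long exhausting a few constructed passphrase policies would take at the ~400.000 PMKs/s rate stated above. The policy names and rate variable are assumptions made for this illustration; the known-answer vector is the one published in the 802.11i standard.

```python
"""WPA/WPA2-PSK key derivation and brute-force cost estimates.

Added example (not code from the original post or from the CCS tool).
PMK derivation follows IEEE 802.11i: PBKDF2-HMAC-SHA1 over the passphrase,
salted with the SSID, 4096 iterations, 256-bit output. The PMK/s rate is
the figure quoted in the post; the passphrase policies are constructed.
"""
import hashlib
import string

PBKDF2_ITERATIONS = 4096   # fixed by the 802.11i standard
PMK_BYTES = 32             # 256-bit pairwise master key

# Rate quoted in the post: ~400.000 PMKs/s (European notation, i.e. 4e5)
POST_RATE_PMK_PER_S = 400_000


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Return the 32-byte PMK for a WPA-PSK passphrase and SSID.

    The PMK depends only on these two inputs, so it is the same for every
    association to the network; per-session keys (the PTK) are derived from
    the PMK plus the nonces and MAC addresses exchanged in the 4-way handshake.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("802.11i passphrases are 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_BYTES,
    )


def keyspace_size(alphabet: str, length: int) -> int:
    """Number of passphrases of exactly `length` drawn from `alphabet`."""
    return len(alphabet) ** length


def seconds_to_exhaust(keyspace: int, pmk_per_second: float) -> float:
    """Worst-case time to try every candidate at the given PMK rate."""
    return keyspace / pmk_per_second


def humanize(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"


# Constructed passphrase policies (assumed for this illustration)
POLICIES = {
    "8 lowercase letters": (string.ascii_lowercase, 8),
    "8 digits (e.g. a phone number)": (string.digits, 8),
    "10 mixed-case alphanumerics": (string.ascii_letters + string.digits, 10),
    "16 mixed-case alphanumerics": (string.ascii_letters + string.digits, 16),
}


def exhaustion_report(rate: float = POST_RATE_PMK_PER_S) -> dict:
    """Map each policy name to its worst-case exhaustion time at `rate` PMK/s."""
    return {name: seconds_to_exhaust(keyspace_size(alphabet, length), rate)
            for name, (alphabet, length) in POLICIES.items()}


if __name__ == "__main__":
    # Known-answer vector from IEEE 802.11i Annex H: passphrase "password", SSID "IEEE"
    print("PMK(password, IEEE) =", derive_pmk("password", "IEEE").hex())
    for name, secs in exhaustion_report().items():
        print(f"{name:32s} {humanize(secs)}")
```

At the post's rate the eight-digit and eight-lowercase spaces fall in minutes and days respectively, while a random 16-character alphanumeric passphrase stays far beyond reach; since the PMK is fixed per passphrase and SSID, a recovered PMK stays valid until the passphrase is changed, which is the defender's lever: length and randomness of the passphrase, not the cipher suite.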


11 Responses to Upcoming Black Hat Talk

  1. Yvon says:

    Hello Mr Roth,

    I am trying to figure out the implication of being able to break the WPA-PSK handshake. Would it mean that someone can then decipher the conversation between the AP and connected device? Given the handshake could you then obtain the actual passphrase or the result of the pbkdf2 for that network? Otherwise, if the device reconnects, the handshake should be different and you would need to recompute it.

    Does this affect only wpa-tkip? or does it apply also to wpa-AES and wpa2-AES?

    thanks for your time.

    Yvon

  2. Pingback: Cracking a WPA (PSK) WiFi key thanks to cloud cracking

  3. Pingback: Tweets that mention Upcoming Black Hat Talk « stacksmashing.net -- Topsy.com

  4. Pingback: » Cheap Wi-Fi hacking -- Niebezpiecznik.pl --

  5. Pingback: Hacking wireless networks for less than 2 dollars | Newsgeek

  6. Kau-Boy says:

    I read about your talk on Spiegel-Online. As an IT student I always tell my friends not to use a password that can be found in a dictionary (even written backwards or with substitution of chars by digits). So I would really like to know: What were the actual passwords you cracked? Was it a fairly simple word from a dictionary? Did it use substitution? Or was it a completely random password?

    You don’t have to publish the actual password, I just wanted to know the complexity so I can tell my friends that they don’t have to worry if their passwords are complex enough.

  7. testimus says:

    hi,

    From where can I download your Cloud Cracking Suite (CCS) based on Amazon EC2?

    Would you please put the link on your page…

    thanks,

  8. R00T_ATI says:

    Yes, let us know! Thanks!

  9. Anonymous says:

    Great talk at BlackHat DC! Though, it’s unfortunate that the feds got involved with this. Hopefully everything gets worked out soon and we can see a release of your highly anticipated CCS tool. :)

  10. Anonymous says:

    The feds got involved over a distributed computing project. That’s just silly.

  11. Blademoon says:

    Hello Thomas! I need to clarify one point. Does this method really crack WPA2-PSK using brute force? The thing is, someone always hacks the key of my wireless network. I’m using WPA2-PSK. The key, of course, has been changed. But everything repeats again and again. I have a Zyxel NBG 334W EE router. Firmware version 3.60 (AMW.3) D0 for NBG334W EE. I use pure WPA2 mode, not compatible with WPA.
