Hackers Use Nvidia Graphics Card to Smash Wi-Fi Encryption 10,000 Percent Faster
Posted by Matt Buchanan at 5:00 AM on October 11, 2008
Here's one way to tap the parallel processing power in Nvidia's graphics cards: Wi-Fi security hacking. Russian hackers reportedly bored through WPA and WPA2 encryptions using a brute-force technique juiced with one of Nvidia's latest graphics cards (they don't say which ones). The card supposedly made the "password recovery" process up to 10,000 percent faster. The report's notably skimpy on the details, but if true, that's a whole lot of busted for Wi-Fi security. [SC via DSL Reports]

Comments
Toshie
Posted 6:22 AM 11/10/08
@Mr.SithNinja:
Dark Helmet: It worked, sir. We have the combination.
President Skroob: Great. Now we can take every last breath of fresh air from planet Druidia. What's the combination?
Dark Helmet: 1 2 3 4 5.
President Skroob: 1 2 3 4 5? That's amazing! I've got the same combination on my luggage! Prepare Spaceball 1 for immediate departure!
Dark Helmet: Yes, sir!
President Skroob: And change the combination on my luggage!
Toshie
Lite
Posted 6:18 AM 11/10/08
@soccer1105: It is difficult due to the limitations of the transport medium to begin with. I'm not sure about N as I haven't studied the specs on it, but A/B/G all use a packet process that uses 8 bits per bit of data. So take your throughput advertised and divide by 8 for how much data you can push through your wireless.
And then there are issues w/ wireless typically being used by portable devices. Increased encryption overhead reduces overall battery life. Not quite such a big deal for the home user, but for say your iPhone, or if you have a wireless system w/ a few hundred portable wireless devices in a warehouse. Well, you can see the problem posed.
Lite
Mr.SithNinja
Posted 6:06 AM 11/10/08
Web Dude: "What's your password?"
Sales Guy: "a"
Web Dude: "Just the letter 'a'?"
Sales Guy: "Yeah, 'a' as in apple."
Mr.SithNinja
soccer1105
Posted 6:04 AM 11/10/08
WPA2 has been crackable for some time now. Isn't it time that we come up with a new encryption standard that's a little more secure?... Say something with 1024 bit encryption or higher. I'm no expert, but from what I've read, WPA2 has a lot of holes that make it relatively easy to crack, even with a simple brute force method.
soccer1105
EVEs_Mako
Posted 6:02 AM 11/10/08
10/10/2008 - a day full of happy news.
EVEs_Mako
Rotnmeat
Posted 6:34 AM 11/10/08
I bet they used a custom CUDA kernel running on one or two GeForce GTX 280 cards. That combination of software and hardware has been doing some amazing things in parallel computing and I think we're only seeing the tip of the iceberg.
Rotnmeat
Eruanno
Posted 6:34 AM 11/10/08
And I was just thinking of how I would find my way into the school's wireless network the other day.
Hmm...
Eruanno
Lite
Posted 6:29 AM 11/10/08
Anyone seriously interested in security, doesn't use wireless anyway. People who do, really just aren't that serious about it.
There are random mitigating things one can do, but it's pretty much an outright insecure medium.
Lite
auroragb
Posted 6:57 AM 11/10/08
Maybe this is the real reason for the NVidia recall? That they are too effective at cracking passwds?
auroragb
goods
Posted 6:56 AM 11/10/08
what is this "security" you speak of?
goods
EricAlder
Posted 6:56 AM 11/10/08
Look the other way, guys, while I type in my password...
ALLIGATOR7
EricAlder
TBM-Fan
Posted 7:23 AM 11/10/08
hmm 10,000 times faster, so how often must i change my wpa2 password then?
TBM-Fan
scarbrtj
Posted 7:17 AM 11/10/08
100 times faster?
Not as impressive as TEN THOUSAND PERCENT FASTER is it?
scarbrtj
pete
Posted 7:17 AM 11/10/08
And yes, I worship at the altar of Steve Gibson.
pete
Kanon
Posted 7:16 AM 11/10/08
@Eruanno: Look in your Synaptic, Adept, or apt-get lists for something like 'wep'. It's illegal for you to use those packages to crack encryption without permission, but they're good if your grandparent forgets their wireless router key.
Yes, I said illegal.
Kanon
pete
Posted 7:15 AM 11/10/08
The article is completely misleading. WPA-PSK is only vulnerable if you use a weak key - only weak keys can be brute-forced.
What they're really saying is that they found a way to use the gpu in video cards to speed up this process by 10,000% (or 100x).
This speed increase is still many, many, many orders of magnitude slower than what you would need to brute force a relatively strong WPA key within the lifetime of not the user attempting the hack, but of the planet earth.
A completely random 64 hex character key gives you 1.34078079 x 10^154 possible combinations to try. That's a 1 with hundred-fifty-four zeros after it.
/The power of math compels you!
pete
Shook-Yang
Posted 7:13 AM 11/10/08
10,000 times faster, but I think private users with decent wifi security are relatively safe.
Why bother spending your time on hacking one network, when there are way more people around with no encryption or WEP to protect their networks.
It seems like it would be worth someone's time if they were trying to attack a company's wifi network.
Shook-Yang
1roll20s
Posted 7:07 AM 11/10/08
Sweet. Screw protein mapping, or medical visualization. Let's hack wifi via cuda.
1roll20s
Chewbenator
Posted 7:41 AM 11/10/08
Weird that this is the same day I see that quantum encoding has been worked out.
Chewbenator
v0ice
Posted 7:39 AM 11/10/08
OVER 9000?!?! NOOOOOO!!!1!!!!11
v0ice
SmartedPander
Posted 7:36 AM 11/10/08
@EricAlder: God I love Scrubs. Also it's
"Look away guys, while I type in my password..."
"Okay, Alligator7"
"Okay, you guys can look now..."
SmartedPander
lpranal
Posted 7:35 AM 11/10/08
@TBM-Fan: 100 TIMES faster. times. see above - if your passphrase is longer than 12 or so randomish upper/lower characters with numbers, it will not be cracked this millennium.
lpranal
Shook-Yang
Posted 7:35 AM 11/10/08
@TBM-Fan: Just don't use a password with less than 15 characters and you should be safe.
After all, why would it be worth it to hack into your network, when they can spend a fraction of the time and hack into an unencrypted or WEP encrypted wifi network.
Shook-Yang
lpranal
Posted 7:26 AM 11/10/08
@pete: excellent point. With a sufficiently long passphrase, speeding up the brute force rate 100x is like trying to empty the atlantic ocean with a bucket instead of just a coffee cup.
lpranal
L.Rawlins
Posted 7:54 AM 11/10/08
I'm not one for the ins and outs of this stuff, so may I ask a simple question of a fellow reader more knowledgeable on the subject than I please?
If you were to use a router access list of predefined device MAC addresses for network access, breaking the wireless encryption regardless of the standard used wouldn't allow the hacker's hardware throughput on the (then) unsecure connection, would it?
This is probably where you'll tell me that the attacker could spoof a MAC address.
A two tiered security setup.
L.Rawlins
OddManOut
Posted 8:15 AM 11/10/08
"This is probably where you'll tell me that the attacker could spoof a MAC address."
Heck no...we like to let people find THAT one out the hard way :P
OddManOut
bpapa9013
Posted 8:13 AM 11/10/08
@L.Rawlins: "This is probably where you'll tell me that the attacker could spoof a MAC address."
I forgot you mentioned that directly. But, YES, they can. And finding a viable MAC address to spoof is trivial in comparison to cracking the encryption/getting the password.
But as has been mentioned already if you use a fairly random passphrase with WPA2-PSK you are safe enough to not need to worry about it.
bpapa9013
shinchan
Posted 8:10 AM 11/10/08
@L.Rawlins:
"the attacker could spoof a MAC address."
It's like throwing pebbles at a giant to stop him from crushing your house :p
Although as many have mentioned above, a long and complex key (WPA) will still keep you safe from most hackers
shinchan
bpapa9013
Posted 8:10 AM 11/10/08
@L.Rawlins: MAC address spoofing is supported by most WiFi card drivers now, so all they would need to do is monitor the traffic (in the air, not via the router/AP) until they got a MAC addy that was communicating with that router/ap. Spoof their MAC and enter the password they already cracked and BINGO was his NAMEO.
Using MAC filtering as a form of WiFi security has been pointless for ~5 years?
bpapa9013
Shook-Yang
Posted 8:09 AM 11/10/08
@L.Rawlins: Yes, they would spoof the MAC address.
[searchnetworking.techtarget.com]
Shook-Yang
ashamaniq
Posted 9:59 AM 11/10/08
People can get very creative....
100 times faster = Brute force
10000 = Brutality!!!
ashamaniq
Joseph_Shaw_520
Posted 10:48 AM 11/10/08
@soccer1105: The only good way to break WPA2 is to do a dictionary attack. Rainbow tables and what not. You can do a man-in-the-middle type attack to crap an enterprise key, but yeah, wireless will always be unsecure. There is simply no way to make it secure other than make it impractical to brute force the encryption. The tech has caught up with the encryption method..just like with wep, wpa and the like...it's getting obsolete, expect something new soon.
Joseph_Shaw_520
MagnoliaBoy
Posted 11:31 AM 11/10/08
WiFi = Better to hack you with.
MagnoliaBoy
VakeroRokero
Posted 11:48 AM 11/10/08
Anyone know how I can replace my quad core for a nvidia gpu as the cpu?
VakeroRokero
JoOngle
Posted 3:03 PM 11/10/08
99.9 percent of the population will never get to use that software anyway, and when the new cards come down to mere mortals' price level / we have also new encryption systems that will require the next level of cpus anyway.
It's like police scrambling... we have heard it was cracked YEARS ago...also the GPS ....but do people use it? No.
Is it easy to get up and running? NO
Are there any cheap, reasonable within the 1K price range that can do it real time?....again....NO.
you can write stories like that out of the blue every month, it will make no difference to any of us because it isn't easily provable, it's like saying....we now have invented the invisibility cloak, we will be able to buy it...next century...
JoOngle
geowrian
Posted 5:57 PM 11/10/08
@Shook-Yang: For the future. Wireless encryption is starting to become not only common sense even for basic computer users, and it's starting to become the law in some localities. When it's finally commonplace that people actually do use encryption, it'll be fully and readily hackable.
Other than that, identity thieves love this kind of stuff.
geowrian
geowrian
Posted 5:53 PM 11/10/08
@Mr.SithNinja: How many times did you reboot...?
geowrian
geowrian
Posted 6:07 PM 11/10/08
@L.Rawlins: Spoofing the MAC would allow them to get on your network (assuming the MAC they spoof isn't using the connection at the same time or it would cause conflicts). However, even without spoofing the MAC, if I break the encryption, then I can see all the data being passed between the computer and the AP. Yeah, I can't download porn on your Internet connection without spoofing, but I can still see what email you are reading and websites you are viewing.
geowrian
geowrian
Posted 6:03 PM 11/10/08
@pete: Good point. However, another point is that nearly all wireless APs either have no security, weak security, or "better" security with a "weak" (all lowercase, maybe a number or 2, maybe 1 special symbol, etc.) password.
geowrian
HexiumVII
Posted 8:15 PM 11/10/08
For schools, breaking into the WPA level doesn't matter as you still need a second login to use the network.
HexiumVII
WaffleTeamStrike
Posted 10:57 PM 11/10/08
this is so sexy, i can see this being applied to the Rainbow Tables processing as well.
WaffleTeamStrike
Knirfie
Posted 12:57 AM 12/10/08
@pete: You made a small calculation error:
Hexadecimal is a 16 number counting system, so the calculation would be: 16^64. Or, knowing that it is a 256 bit encoding scheme: 2^256, which both come down to this value: 1.16x10^77
So 1 with 77 zeroes after it.
What you calculated is 256^64, you were probably confused with a byte, versus a hex, a byte does have 256 different values.
Altogether there are still a lot of possibilities, but much and much less than you suggested.
Knirfie
flick152
Posted 7:25 AM 12/10/08
I suspect that increase in speed required 4xSLi so everyone in their home is perfectly safe.
until some guy knocks on the door holding an industrial extension cord leading to his car and asks to borrow some power...
flick152
HenryCadmus
Posted 8:22 AM 11/10/08
I'm going to assume they are using Nvidia's Cuda library which allows you to use the gpu as a processor which is quite a bit faster than any cpu on the market.
HenryCadmus
AviDawes
Posted 7:02 AM 11/10/08
Seriously? I can crack the majority of WEP/WPA/WPA2 wifi setups in under an hour with an Eee PC 900 and BackTrack 2 or 3 and WPA Tables. Now what is really interesting is how hackers have used cheap hardware to generate the rainbow tables 400 times faster than you could on the fastest quad core box. Google churchofwifi for more info and implement 802.1x on your wifi networks.
AviDawes
WinonaArlan
Posted 6:19 AM 11/10/08
This article is too light on information to be taken seriously. 10,000 percent faster than what? What was the length of the key that was used? Was WPA PSK or Enterprise used? WPA and WPA2 (PSK version) can easily be more crackable than the oft maligned WEP if you use a weak 128 bit pre-shared key. If your pre-shared key is "a", as Mr.SithNinja writes, then sure it's going to be easily crackable but if you're using a reasonable pre-shared key then it becomes a lot harder. If it takes a 1000 years to crack my very strong PSK, then using this method it would take 5 years. YEARS. (These are of course just estimates but shows how easily you can distort the 10,000 percent faster statistic). Without some solid data and actual experiments to back this assertion up, this just becomes fear mongering and should not be perpetuated by journalists or by bloggers.
WinonaArlan
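The keyspace arithmetic argued over in this thread (the 64-hex-character key, the 12-character passphrase, the 100x speed-up, the precomputed tables), worked through as an added example that is not part of the original post or any commenter's code. The baseline of 1,000 guesses per second is an assumed figure for illustration only; the PBKDF2 parameters are those of the WPA/WPA2-PSK key derivation.

```python
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
CPU_RATE = 1_000             # assumed baseline guesses/second (illustrative, not measured)
GPU_RATE = CPU_RATE * 100    # "10,000 percent faster" read as 100x, as in the comments


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def years_to_exhaust(alphabet: int, length: int, rate: float) -> float:
    """Years needed to try every key of this length at `rate` guesses/second."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


def min_length(alphabet: int, rate: float, target_years: float):
    """Shortest random passphrase whose whole keyspace outlasts target_years."""
    for n in range(8, 64):
        if years_to_exhaust(alphabet, n, rate) >= target_years:
            return n
    return None


def speedup_in_chars(alphabet: int, factor: float) -> float:
    """Extra random characters needed to cancel a `factor`-times faster attacker."""
    return math.log(factor) / math.log(alphabet)


if __name__ == "__main__":
    # 64 hex characters: 16^64 == 2^256, whereas 256^64 counts 64 full bytes.
    print(f"16^64 = {16 ** 64:.3e}   256^64 = {256 ** 64:.3e}")
    # A weak choice versus a random one, both against the 100x attacker.
    print(f"8 lowercase letters: {years_to_exhaust(26, 8, GPU_RATE) * 365.25:.0f} days")
    print(f"12 mixed-case + digits: {years_to_exhaust(62, 12, GPU_RATE):.2e} years")
    # The 100x speed-up is worth roughly one extra character of passphrase.
    print(f"100x = {speedup_in_chars(62, 100):.2f} characters of a 62-symbol alphabet")
    print("min length for 1000 years:", min_length(62, CPU_RATE, 1000),
          "->", min_length(62, GPU_RATE, 1000))
    # The SSID salts the derivation, so precomputed tables only fit the SSID
    # they were built for; a unique network name makes them useless.
    print(wpa_pmk("password", "IEEE").hex())
    print(wpa_pmk("password", "MyUniqueSSID-7f3a").hex())
```

The SSID `MyUniqueSSID-7f3a` is a constructed sample value.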
Jeff_was_here
Posted 4:00 AM 13/10/08
@HexiumVII: If I understand correctly, you can't access the school network, but you can monitor the traffic. The school needs another VPN encryption setup as a second form of protection, but the slow down encryption implies may still be a factor. There are other options in development that will solve the speed slash encryption strength trade off.
Jeff_was_here
Zawer
Posted 3:42 AM 14/10/08
@geowrian: 3 Times you always tell me 3 times.
Zawer