12

Bob has a password (for his WPA encrypted wifi) which is 8 characters, all lowercase, and not a dictionary word.

Eve lives next door to Bob and wants to illegally hack his WPA. The number of possible passwords is 26^8 (is that right?).

EDIT: The ssid is not common, and there is no rainbow table available for it.

How long will it take Eve to brute force that password if she has:

a: a regular desktop machine from 2011
b: a powerful desktop, with GPU (does GPU help at all in this case?)
c: a GPU cluster of 8 cards
d: access to amazon cloud GPU clustering and a couple of hundred dollars.


Another edit:

The UK's only cable ISP (Virgin media) provides a combined modem / wifi router. This is supplied with an SSID of the form "virginmedia1234567" (The word virginmedia with a 7 digit random number), with a random password of the form "abcdefgh" (8 lowercase letters). I have this router, and have changed everything. Many neighbours also have this router. I have no idea (and I'm not going to try to find out) if they've changed their passwords.

DanBeale
  • 4
    one additional factor you'd need to consider for this is whether the SSID of the network is one of the common ones. There are rainbow tables for WPA available http://www.renderlab.net/projects/WPA-tables/ but they only cover a set of common SSIDs – Rory McCune Sep 25 '11 at 11:46
  • Downvoter - please leave a comment? – DanBeale Sep 25 '11 at 12:11
  • 1
    +1 Sounds interesting. I tried researching on Google but couldn't find anything conclusive. – Mark E. Haase Sep 25 '11 at 15:11

1 Answer

9

(a) a desktop CPU can do roughly 1000 passwords/second.

(b) a desktop GPU (graphics processor) can do roughly 80000 passwords/second, or 80 times the speed of a CPU, or 30 days to crack your hypothetical password

(c) a cluster of 8 GPUs is 8 times the previous number, or 8*80000 or 640k passwords/second, or 4 days to crack your hypothetical password

(d) Amazon EC2 uses older/slower GPUs

You say "not dictionary word", but it's more complicated than that.

The "dictionaries" used by password crackers aren't the "English dictionary", but dictionaries of known passwords. The most common dictionary is the list of 20 million RockYou passwords. These were passwords chosen by users of a website that was hacked. Once hackers broke in, they published all the passwords, so they form the basis of cracking dictionaries. This is many times larger than an English dictionary, and contains such things as "ncc1701" (Star Trek ship designation).

Furthermore, cracking looks at "mutations" of dictionary words. Thus, while your password may not be in the RockYou list, it might be a near match that will eventually be found.

Robert David Graham
  • To clarify about "not a dictionary word" - these 'words' are randomly generated strings of 8 chars, thus it's possible that a dictionary word would be generated, but not likely, even including substitutions etc. – DanBeale Sep 26 '11 at 13:44
  • What algorithm / where are you getting those numbers? For example, there are claims of 4 billion md5 hashes a second per GPU using custom code. I know *no one* would use md5 hashes for keys, but it's just an example. – Bradley Kreider Mar 13 '12 at 17:23
  • @rox0r *"I know no one would use md5 hashes for keys"* /me shuffles away, muttering he thought it was a good idea :( – Luc Feb 08 '15 at 20:52
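
An added illustration, not code from the question, the answer or any commenter: WPA/WPA2-PSK derives its key with PBKDF2-HMAC-SHA1, salted with the SSID and run for 4096 iterations, which is why precomputed tables are tied to an SSID and why guess rates are in the thousands rather than billions per second. The sketch checks the answer's day counts against its quoted rates and compares the 8-lowercase default with longer replacement passphrases; the SSIDs, passphrases and function names are constructed for the example.

```python
import hashlib
import string
import time

def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, salt = SSID, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passphrases of exactly `length` characters."""
    return alphabet_size ** length

# Guess rates quoted in the answer above (passphrases per second).
RATES = {"desktop CPU": 1_000, "desktop GPU": 80_000, "8-GPU cluster": 640_000}

def days_to_exhaust(alphabet_size: int, length: int) -> dict:
    """Worst-case days to try every candidate at each rate (the average is half)."""
    n = keyspace(alphabet_size, length)
    return {name: n / rate / 86_400 for name, rate in RATES.items()}

def local_kdf_rate(samples: int = 20) -> float:
    """Key derivations per second on one core of this machine, for comparison."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_pmk(f"sample{i:02d}", "constructed-ssid")
    return samples / (time.perf_counter() - start)

if __name__ == "__main__":
    # Constructed SSIDs in the "virginmedia" + 7 digits format from the question.
    a = wpa_pmk("abcdefgh", "virginmedia1234567")
    b = wpa_pmk("abcdefgh", "virginmedia7654321")
    print("same passphrase, different SSID -> same key?", a == b)
    print(f"this machine: ~{local_kdf_rate():.0f} derivations/s on one core")

    lower = len(string.ascii_lowercase)                 # 26
    mixed = len(string.ascii_letters + string.digits)   # 62
    for label, size, length in [("8 lowercase (router default)", lower, 8),
                                ("12 lowercase", lower, 12),
                                ("12 mixed case + digits", mixed, 12)]:
        print(f"{label}: {keyspace(size, length):.3e} candidates")
        for name, days in days_to_exhaust(size, length).items():
            print(f"  {name:14s} {days:14.1f} days")
```

The day counts are for trying the whole keyspace at the quoted rates; each extra lowercase character multiplies them by 26.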