Granted, you can cut this number by utilizing a thousand computers, each with eight V100 boards, and get a much more reasonable estimate, but why would anyone spend that much effort breaking a Wi-Fi network protected with just an 8-character password?Ī smarter attack won’t cost you anything, but may result in significantly higher success rate in significantly less time. A single NVIDIA Tesla V100 can try as many as about 650,000 WPA/WPA2 passwords per second.Īs a result, you’ll need an estimated 323 years to break that password using a single Tesla V100 board. Even if the password is exactly 8 characters long, can you break it using a brute-force attack? Let’s calculate!Īn 8-character password that contains characters from the extended character set (small and capital letters, number and special characters) has 6,634,204,312,890,625 possible combinations. The WPA/WPA2 always consists of at least 8 characters. You can attack passwords within Elcomsoft Wireless Security Auditor for GPU-accelerated recovery, or Elcomsoft Distributed Password Recovery, which can use multiple computers and multiple GPU units to accelerate attacks. Please refer to Elcomsoft Wireless Security Auditor manual for information on installing WinPCap and NDIS drivers and capturing a WPA/WPA2 handshake. A compatible WinPCap driver is provided with Elcomsoft Wireless Security Auditor.
Note: you must install a WinPCap driver to enable Wi-Fi sniffing. With this tool, you can automatically intercept Wi-Fi traffic and launch an attack on selected Wi-Fi networks. The custom NDIS driver for 32-bit and 64-bit Windows systems is digitally signed by Microsoft, and can be installed on all compatible versions of Windows including the latest builds of Windows 10. Elcomsoft Wireless Security Auditor takes AirPCap out of the equation, delivering a software-based Wi-Fi sniffing solution that works on regular Wi-Fi adapters. The traditional approach to capturing a WPA/WPA2 handshake was using a dedicated AirPCap wireless adapter and specialized software.
In order to capture the WPA/WPA2 handshake, use the built-in Wi-Fi sniffer in Elcomsoft Wireless Security Auditor.
This dump is essentially a file you’ll be using in the password recovery app when attacking Wi-Fi passwords. Pre-Requisitesįirst and foremost, you’ll need a WPA/WPA2 handshake dump.
In this article, I will show how to attack wireless passwords for the purpose of security audit.
Considering the relatively low performance of WPA/WPA2 password attacks, brute force attacks are rarely effective even when performed with a network of GPU-accelerated computers. The WPA standard enforces the minimum length of 8 characters for all Wi-Fi passwords. The most frequently used method of securing access to a wireless network is pre-shared passphrase, or, simply put, a text password. Modern wireless networks are securely protected with WPA/WPA2.