jmke

GPU-powered general-purpose computing is causing all sorts of security nightmares these days, and wireless access points secured with WPA seem to be the latest victim. Elcomsoft, of “Advanced eBook Processor” fame, released a proprietary WPA/WPA2-PSK cracker that uses GPUs to brute force passwords in record time.


Elcomsoft claims its software can try almost 16,000 passwords per second (p/sec) with a single Radeon HD 4870, using an “advanced dictionary attack” that mutates entries from a master wordlist. Advanced hardware, such as the NVIDIA Tesla S1070 GP-GPU, raises the password rate to more than 52,000 p/sec – compared to an Intel Core 2 Quad Q6600 CPU, which clocks at 1,100 p/sec.

The program, known as the “Elcomsoft Wireless Security Auditor”, claims it was designed for network administrators and IT personnel seeking to audit internal security, as well as external penetration testers and other “white hat” hackers.

src: http://www.dailytech.com/New+Softwar...ticle13963.htm

Guidelines for strong passwords

• Include numbers, symbols, upper and lowercase letters in passwords
• Password length should be around 12 to 14 characters
• Avoid any password based on repetition, dictionary words, letter or number sequences, usernames, relative or pet names, or biographical information (e.g., dates, ID numbers, ancestors names or dates…).
Examples of weak passwords
• Default passwords (as supplied by the system vendor and meant to be changed at installation time): password, default, admin, guest, etc.
• Dictionary words: chameleon, RedSox, sandbags, etc.
• Words with number substitutions: password1, deer2000, john1234, etc.
• Words with simple obfuscation: p@ssw0rd, l33th4x0r, g0ldf1sh, etc.
• Doubled words: crabcrab, stopstop, treetree, etc.
• Common sequences: qwerty, 12345678, mnbvcxz, etc.
• Numeric sequences based on well known numbers such as 911 (both a notable date in 2001 and, in the US, the usual telephone emergency number), 314159.. (pi), or 27182.. (e), etc.
• Identifiers: jsmith123, 1/1/1970, 555-1234, ‘your username’, etc.
• Anything personally related to you: license plate number, Social Security number, current or past telephone number, student ID, address, birthday, relatives' or pets' names/nicknames/birthdays/initials, etc.

“The core principle is that a password should have high entropy (usually taken to be equivalent to randomness) and not be readily derivable by any ‘clever’ pattern, nor should passwords be mixed with information identifying the user.”

http://en.wikipedia.org/wiki/Password_strength
http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access

src: Charles

Attached Thumbnails

__________________