|
|
|
|
|
|
by rft
960 days ago
|
|
|
> WPA2 is susceptible to offline-dictionary attack and the cost is quite low (less than $10), especially with cloud computing. I agree that offline attacks are a threat to WPA2, but do you have a cost breakdown/source/? for that cost figure? The attack to me is still in the realm of unlikely if not using a common, rainbow-tabled SSID and/or very simple password. I am not involved in the GPU cloud compute area, so I only did a very quick check on EC2 GPU instance pricing. At about 10$ that translates to about 2 hours of g5.12xlarge with 4 high end GPUs. I am not familiar with these models, but I am assuming they are comparable to high end, current gen GPUs. To me 8 GPU hours sounds a bit on the low side, even for relatively weak passwords. For reference, it seems an RTX 3090 does about 1 MH/s [1]. 8 GPU hours on that card translates roughly to 230 billion (230x10^9) password variants, a lot, but not overwhelmingly a lot. An 8 character lower+upper+digit is estimated at about 47 bits, so roughly 140x10^12. A wordlist+mutation is likely far more efficient than a naive attack. I am on the fence whether this makes for a reasonable 10$ real world attack. Happy to learn I am stuck in the past! (The rainbow table I am talking about: https://www.renderlab.net/projects/WPA-tables/) [1] https://gist.github.com/Chick3nman/e4fcee00cb6d82874dace7210... (EDIT: * -> x, one day I will learn formatting) |
|
|