Cracking WPA Protected WiFi in Six Minutes

Tuesday, January 18, 2011

Dan Dieterle


Using WPA/WPA2 to protect your wireless network has been stressed for quite a while now. But, just how long would it take to crack a WPA-PSK protected wireless network?

Well, according to recent reports, security researcher Thomas Roth says with his brute force program he was able to break into a WPA-PSK protected network in about 20 minutes. And with recent updates to the program, the same password would take about 6 minutes!

“People tell me there is no possible way to break WPA, or, if it were possible, it would cost you a ton of money to do so. But it is easy to brute force them,” Roth said.

How is this possible, you ask? Roth’s program uses the power of the Cloud, Amazon’s cloud, using EC2 computers to be exact.

And what kind of power is available? I am not sure exactly which Amazon cloud package Roth used with his program.

But a quick glance at the Amazon EC2 website shows that a Cluster GPU Quadruple Extra Large Instance provides access to 22 GB of memory, 33.5 EC2 Compute Units, 2 x NVIDIA Tesla “Fermi” M2050 GPUs, 1690 GB of local instance storage, 64-bit platform, and 10 Gigabit Ethernet.

And it looks like you can access up to eight of these systems before you need to fill out a special request form for additional servers.

Amazon charges 28 cents per minute for the service Roth used. And with his program checking 400,000 possible passwords per second, cracking WPA just became pretty cost effective.

But using the cloud to brute force is nothing new to Roth, according to The Register:

Roth is the same researcher who in November used Amazon’s cloud to brute force SHA-1 hashes. Roth said he cracked 14 hashes from a 160-bit SHA-1 hash with a password of between one and six characters in about 49 minutes. He told The Register at the time he’d be able to significantly reduce that time with minor tweaks to his software, which made use of “Cluster GPU Instances” of the EC2 service.

Amazon is not too keen on Roth using the cloud for cracking passwords. According to an Amazon spokesman, using the cloud service to create a tool to show how security can be increased is okay. But don’t use it to actually crack passwords:

“Testing is an excellent use of AWS, however, it is a violation of our acceptable use policy to use our services to compromise the security of a network without authorization.”

Using a long complex password would prolong the time to brute force the password, but the Cloud based cracker program sounds impressive indeed.
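
To put numbers on that, the following added example (not code from the article or from Roth's tool) estimates the average time and cost of an exhaustive search, using the article's figures of 400,000 guesses per second and 28 cents per minute. The sample passphrases and the character-class model are assumptions constructed for illustration, and the estimate covers exhaustive search only, so a passphrase that appears in a wordlist falls far sooner.

```python
# Added example: passphrase keyspace estimator for WPA-PSK (defensive sizing aid).
import string

RATE_PER_SEC = 400_000      # guesses per second, figure quoted in the article
USD_PER_MIN = 0.28          # EC2 price per minute, figure quoted in the article
WPA_MIN, WPA_MAX = 8, 63    # WPA-PSK passphrase length limits (printable ASCII)
SECONDS_PER_YEAR = 31_557_600

# Assumed model: an attacker searches the union of the character classes in use.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def alphabet_size(passphrase):
    """Size of the smallest union of character classes covering the passphrase."""
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrases are printable ASCII only")
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in passphrase))

def keyspace(alphabet, length):
    """Number of candidate passphrases of exactly this length."""
    if not WPA_MIN <= length <= WPA_MAX:
        raise ValueError("WPA passphrase length must be 8..63")
    return alphabet ** length

def average_attack(alphabet, length, rate=RATE_PER_SEC, usd_per_min=USD_PER_MIN):
    """Expected seconds and dollars to search half of the keyspace."""
    seconds = keyspace(alphabet, length) / 2 / rate
    return seconds, seconds / 60 * usd_per_min

def required_rate(alphabet, length, target_seconds):
    """Guesses per second needed to hit the average case in target_seconds."""
    return keyspace(alphabet, length) / 2 / target_seconds

def report(passphrase):
    a = alphabet_size(passphrase)
    secs, usd = average_attack(a, len(passphrase))
    return {"alphabet": a, "length": len(passphrase),
            "years": secs / SECONDS_PER_YEAR, "usd": usd}

if __name__ == "__main__":
    # Constructed sample passphrases, not taken from the article.
    for sample in ["sunshine", "Sunsh1ne", "Tr0ub4dor&3x", "k" * 20]:
        r = report(sample)
        print(f"{sample!r:24} alphabet={r['alphabet']:3} len={r['length']:2} "
              f"avg years={r['years']:.3g} avg cost=${r['usd']:.3g}")
```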

Want to know more? Roth is scheduled to speak on this topic at the BlackHat 2011 DC seminar later this month and plans on making the software publicly available.

Cross-posted from Cyber Arms

Taz Wake: Interesting article and it is a shame I can't make Black Hat as I would like to find out more.

I do have a question though - is this system really only able to try 400,000 passwords per minute?

If we accept that a password consisting of 8 alpha numerics has 53 trillion combinations (source: then it would take this system about 252 years to brute force it.

Is there a decimal place error somewhere here?
Dan Dieterle: Taz, sorry, it is 400,000 passwords per second. My bad.

Taz Wake: Nice one - thanks for the clarification!

Great article.
Dan Dieterle: Thanks Taz, appreciate it! I can't believe I didn't catch that! :)

Ben Keeley: Nice article, yeah there were blogs last year about this. Need one of their clusters with decent GPUs and something like this

Liam McKay: 400,000 passwords per second doesn't cut it either.

To brute force an 8 char alphanumeric (62 possible chars) string in an average time of 6 minutes would require something in the order of 300 billion passwords per sec.

Further reading confirms he is in fact talking about a dictionary attack, not brute force (which by definition is systematically checking all possible keys until the correct key is found).

Nothing has changed, WPA is as strong as the chosen pass phrase.

George Papandreou: Hi! Nice blog about cracking a WPA wireless network... but I have a question for you... my WPA2-PSK (AES) is:


I wrote it on my own; it is complex and a 63 length password....

IS IT CRACKABLE..?? Can you crack it?
Do hackers use a dictionary attack or brute force attack to crack a WPA password... or do they have other ways?? (exploit vulnerabilities)??

please explain ..

thank you !

George Papandreou: Sorry, my password is !Fo96T%#__()ITk?NbV:>?"434G

George Papandreou: .....I can't paste the whole password... I don't know why.....
My password is a 63 length key.... that looks like the above about complexity...