Cloud-based cracking tools were introduced a couple of years ago for everyone to use ( e.g. Cloudcracker ) and with easily rentable cloud servers ( e.g. Amazon EC2) you can always write your own password cracker. With quick access to scalable server farms the password cracking is no more a problem about time spent cracking but more about money spent cracking. How much money someone wants to use to crack your WPA2/AES password?
You should first read this article:
Tom's Hardware: Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud
According to article, in 2011 it cost $160 to crack password with 6 ASCII characters. We still live in a world of Moore's Law so we can calculate crude estimates about how the price will fall in next decades.
From this chart you can see that if you use password of 9 ASCII characters with today's hardware it costs $ 30 000 000 to crack it. If you are not designing stealth airplanes I would not worry about it ;)
If someone is willing to pay $10 000, your 8 character password can be cracked in 2022.
This is meant to be very simplified presentation about how cloud computing changes the "rules" of password cracking. It isn't anymore about how many hours it takes when anyone can rent cracking power online. Even intelligence agencies with their own servers farms have to think about the cost of cracking.
So relax. If you have password of 12 characters it still costs $1000M to crack in 2036. No matter how many million servers they have in their farms. Remember, extra characters in your WPA2 password do not cost anything.
All this is of course changed when the first password cracking quantum computers are up and running in ten years from now...
You should first read this article:
Tom's Hardware: Wi-Fi Security: Cracking WPA With CPUs, GPUs, And The Cloud
According to article, in 2011 it cost $160 to crack password with 6 ASCII characters. We still live in a world of Moore's Law so we can calculate crude estimates about how the price will fall in next decades.
From this chart you can see that if you use password of 9 ASCII characters with today's hardware it costs $ 30 000 000 to crack it. If you are not designing stealth airplanes I would not worry about it ;)
This is meant to be very simplified presentation about how cloud computing changes the "rules" of password cracking. It isn't anymore about how many hours it takes when anyone can rent cracking power online. Even intelligence agencies with their own servers farms have to think about the cost of cracking.
So relax. If you have password of 12 characters it still costs $1000M to crack in 2036. No matter how many million servers they have in their farms. Remember, extra characters in your WPA2 password do not cost anything.
All this is of course changed when the first password cracking quantum computers are up and running in ten years from now...
Comments
Post a Comment