Posted: Fri Mar 15, 2013 8:53 pm
by Sethioz
NOTE - this is outdated info, read through the topic to see the latest info!

Recently i tried to take a whack at another handshake that i got. I know for sure it uses lower case chars only and is 8 digits in length.
doesn't sound much at all, if it would be MD5 hash, i could crack that in less than 30 mins, however PSK or AES encryption is harder to crack + WPA/WPA2 uses AP name to encrypt too.

Here are some test results:

CPU 3.6ghz AMD Black Edition II - 1500p/s - 3500p/s (depending if SSE2 instruction is disabled/enabled)
nVidia GTX 550 Ti SLI - 25000p/s - 27000p/s
These i have tested myself and im 100% sure in speeds.
My friend tested with AMD FX8120 CPU (not sure about ghz) and GTX 680 and got 36000p/s, not so impressive at all for GTX680, i was expecting a lot more.
but then i googled a bit and found some test results using GTX690 and it gets only 65000p/s.
However there is nVidia Tesla k20 which is supposed to get 85000p/s, now that's impressive.
Galax GTX 980 Hall of Fame Edition pulls an amazing 215000 average (from 196000 - 262000p/s, fluctuating a lot)

so what all these numbers mean, is that using my setup, i can crack 8 digit (lower or UPPER alpha) pass within 3 months max (probably it won't take that long since password is usually found somewhere in middle).
GTX690 could do it within 1 month and k20 in 20 days or so, which is very impressive.
Having a 4 way SLI k20 and you can crack such password in just 5 days, that's dangerously fast.

Lot of routers around here use 8 digit UPPER or lower alpha passwords (not mixed alpha, but only lower or only UPPER).

This is technology that anyone can get their hands on really, so using a cluster, it should be no problem to crack WPA/WPA2 handshakes.

I tested out new EWSA version 5.2.272 and it has awesome option, even tho it doesn't seem to be working.
it can limit the occurrence of 1 character in password, for example i don't think that any password contains 1 letter more than 2-3 times.
in that case, total amount of tries would be significantly smaller. I have seen 2 same letters in password, but never 3. well it has another option that can limit how many continuous characters you can have, i wanted to set it on 2.
password can contain some letters like 3 times, like "ACBEAAP" but i don't think any default pass is like "AAABEILN"
So using these rules, it should decrease the total passwords, but it doesn't seem to be working even tho i have selected them.
Need to check into this and see why its acting like that.

at end, it still comes down to the human factor that makes passwords vulnerable. If default password would be strong, there is no way that even any cluster can crack the password.
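
Added example (not part of the original posts, and not EWSA's own logic): a count of how many candidates remain in the 8-character single-case keyspace under the two rules described in the post above, and the worst-case time to exhaust a keyspace at the rates quoted there. Function names and the 12-character comparison row are assumptions made for illustration.

```python
from math import comb

ALPHABET, LENGTH = 26, 8          # one case only, 8 characters (from the post)
RATES = {"GTX 550 Ti SLI": 27000, "GTX 690": 65000,   # p/s figures quoted
         "Tesla K20": 85000, "GTX 980 HOF": 215000}   # in the post above

def count_max_occurrence(alphabet, length, max_occ):
    """Strings in which no character occurs more than max_occ times."""
    # ways[u] = fillings of exactly u positions using the letters seen so far
    ways = [1] + [0] * length
    for _ in range(alphabet):
        nxt = [0] * (length + 1)
        for used, w in enumerate(ways):
            free = length - used
            for j in range(min(max_occ, free) + 1):
                nxt[used + j] += w * comb(free, j)
        ways = nxt
    return ways[length]

def count_max_run(alphabet, length, max_run):
    """Strings with at most max_run identical characters in a row."""
    # runs[r] = strings of the current length ending in a run of exactly r+1
    runs = [alphabet] + [0] * (max_run - 1)
    for _ in range(length - 1):
        runs = [(alphabet - 1) * sum(runs)] + runs[:-1]
    return sum(runs)

def days_to_exhaust(keyspace, rate):
    """Worst-case days to try every candidate at `rate` passwords/second."""
    return keyspace / rate / 86400

def summary():
    full = ALPHABET ** LENGTH
    rows = {"full keyspace": full,
            "no char more than 2x": count_max_occurrence(ALPHABET, LENGTH, 2),
            "no run longer than 2": count_max_run(ALPHABET, LENGTH, 2),
            "12 chars, mixed case + digits": 62 ** 12}  # constructed comparison
    return {name: (n, n / full, days_to_exhaust(n, RATES["GTX 980 HOF"]))
            for name, n in rows.items()}

if __name__ == "__main__":
    for name, (n, share, days) in summary().items():
        print(f"{name:30} {n:.3e}  {share:10.3g}x  {days:14.1f} days @215k p/s")
    for card, rate in RATES.items():
        print(f"{card:15} {days_to_exhaust(ALPHABET ** LENGTH, rate):6.1f} days")
```

With these inputs each rule leaves more than 90% of the 26^8 candidates in place, while the 12-character mixed row is out of reach at every rate listed.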

Posted: Sat Mar 16, 2013 2:20 pm
by Legu
I find it a very bad idea to use nvidia for crackin, especially shitty kepler. If anything, then 3x hd7970 which can easily get around 300 000 p/s against wpa. The 5970 is slightly better, but since it is way worse in games, i'd recommend goin with the 7970, but for sure not some gtx crap.

I myself am a gtx570 user, but only cuz of gamin and the driver support, for crackin i'd use different cards.

Posted: Sat Mar 16, 2013 5:17 pm
by Sethioz
7970 < do you have any proof of the speeds ?
it seems quite cheap, 3x 7970 is cheaper or close to the same as gtx690

in future i might get 3-4 times 7970 or similar for cracking purposes.

Posted: Sun Mar 17, 2013 8:57 am
by Legu
Sure thing i have,


Also it was the same for older models too...


2x 4870 easily outperformed a gtx295, but now that nvidia is using kepler, it is hopeless for them if it comes to wpa/md5, etc cracking.

For more infos u can visit, there u will find tons of infos.

Posted: Tue Mar 19, 2013 1:00 pm
by Sethioz
is that million hashes per second?
GTX550Ti can do 750 million passes per second (MD5) and obviously SLI can do 1.5 billion.

might check into radeon for cracking.

Posted: Wed Mar 20, 2013 8:16 am
by Legu
Sethioz wrote: is that million hashes per second?

First pic yup, that means with the lightning version of the 7970 u can expect around 100 000 Million Hashes / s.....Thats a lot, and its only a single card. I think as far as u dont have 300 00000€ to get a D1 Wave (quantum computer), the hd7970 is the best way to go...

Ofc the question is whether the 8000 series will change anything...It might be worth giving a look at them, since they should arrive pretty soon.
Nvidias new series wont change much i guess, so radeon ftw for cracking.

Posted: Wed Mar 20, 2013 6:23 pm
by Sethioz
yes but its md5, this topic is about WPA/WPA2 .. not md5.
still can be used as comparison. i can do 1.5 billion per second with my SLI, its 6.6 times less than R7970
R7970 is quite cheap actually, i paid 150 for GTX550Ti about 14 months ago and 80 for refurbished GTX550Ti, R7970 is about 350 on ebay, as cheap as it goes, but performance is a lot better.

i need to know how good it is in games, but this is not the topic for it.

There are also lot of nVidia Tesla products that might outperform anything else. After all .. Tesla is specially meant to do calculations, some of them don't even have monitor attachment, meaning it is purely for RAW power, using CUDA project.
Not sure which one is the latest Tesla unit tho, but they have some kick.
S1070 is quite old, 2-3 years i think (cant bother googling), but there are some new ones that should easily kick radeon's ass in RAW power, but its not like many people can afford Tesla stuff, so obviously there aint many results out there.

Posted: Wed May 29, 2013 12:17 pm
by Sethioz
friend just tried with GTX 680 + GTX Titan and got 80000 - 95000

there is something called Pico computing hardware, this is phenomenal compared to anything else. one of those can do 1.7 million p/s for WPA/WPA2 .. this is insane.
however i don't know where to buy them.
website's here:
i contacted them and asked where i can buy and how much they cost, those are not graphics cards, they are specifically meant to do calculations and use some different technology, i didn't focus on them much, but elcomsoft team have tested one of them and this is where i got that 1.7 million result.
i don't think they take even much power, at least by the look of them. they just use some specific technology to allow them to work faster than a CUDA enabled GPU.

Posted: Thu May 30, 2013 10:22 pm
by Sethioz
Now im really interested in Pico Computing. They are very nice and helpful, they sent me their comparison chart and it looks very promising.
Check it out, see for yourself. 285000p/s @ WPA/WPA2 with only 118 watts of power, that's amazing. one of my GPU's take more than that and can only do like 12000p/s. Most powerful ones as you see are 1500w, but do 1.9 million p/s, now that's impressive speed.
I'm considering building a pc with 4 M-505/6 in it, need only like 600w psu.
But will see. that one at end is about 2300usd (i think that's what i was told over email and they have discounts if you buy more than 1).

So yeah, Pico leaves all Radeons and nVidias into dust.


I have been asking info about the Pico boards from them and it seems like its quite complicated. They come as modules and you need adapters (backplanes is what they call them) and those connect to your PCI-E and then you can connect their modules (computing units) to that backplane. i still don't fully understand, but its very interesting and i wanna give it a try with some cheaper boards.

Posted: Sun Sep 08, 2013 7:47 am
by Sethioz
GTX680 Phantom is struggling to work as a cracker .. this is complete bullshit, i can't get it working at all. it is beast graphics card in games, but in cracking it fails so bad.
Elcomsoft Wireless Security Auditor works and getting about 36000 - 60000 .. extremely UNSTABLE, i can't even see what the speed really is.
Elcomsoft Distributed Password Recovery does not work at all, it fails to use any GPU
ighashgpu doesn't work either...

Posted: Thu Feb 05, 2015 4:45 am
by Sethioz
get a load of that! i didn't expect GTX 980 to be so freaking powerful in cracking, but i guess maxwell speaks for itself.
WPA2 bruteforce cracking - 215000 average!!!
I have seriously OCed card tho, it's Galax GTX 980 Hall of Fame Edition, it has a lot higher clocks, but i think default 980 would easily pull 150000p/s, probably even 170000.

[Attachment: Elcomsoft Wireless Security Auditor_2015-02-05_04-05-25.png]

Posted: Sun Jun 28, 2015 7:37 pm
by Damo
Hi Sethioz,
First of all I would like to thank you for everything you did so far for the community. I read this very interesting topic and I was wondering what was the outcome you had in relation to Pico Computing / Xilinx FPGA and Embedded HPC.
Their performances back in 2013 looked amazing, they might have even improved since then. You said that these products were more for Administration or Military purpose, correct? Was it because of the price, company policy or another reason?


Posted: Tue Jun 30, 2015 4:32 pm
by Sethioz
I haven't tried any PICO accelerators myself, but which one you refer to?
Elcomsoft or PICO? Both are more like for government use and that's because of the price. I'm somewhat in partnership with Elcomsoft and they even confirmed that they mainly focus on governments, because their products cost a lot, for single user it would never pay off.
Same with PICO, their prices are not cheap. You'd need about 10000 usd to buy a proper cracking machine that is capable of doing better than high-end gaming rigs.

PICO uses less electricity and that means less heat. I don't remember from head, but i think that if you wanna get 2 million passwords per second with PICO (cracking WPA2 handshake), then you'd need to spend about 10000usd. If you'd like to get that performance with GPUs, you can get it way cheaper. If you'd use GTX 980s, you'd get 2 million passes per sec for about 5000usd or maybe less. If you'd use older Radeon cards, you'd probably get it way cheaper, maybe like 2000usd?
but they would take lot more power. So if you want to crack a single handshake, then you'd surely go with cheaper option, but companies that do this daily, they'd be paying insane power bills, so they'd rather spend 10k on PICO.