Cryptology ePrint Archive: Report 2016/547

Efficient High-Speed WPA2 Brute Force Attacks using Scalable Low-Cost FPGA Clustering

Markus Kammerstetter and Markus Muellner and Daniel Burian and Christian Kudera and Wolfgang Kastner

Abstract: WPA2-Personal is widely used to protect Wi-Fi networks against illicit access. While attackers typically use GPUs to speed up the discovery of weak network passwords, attacking random passwords is considered to quickly become infeasible with increasing password length. Professional attackers may thus turn to commercial high-end FPGA-based cluster solutions to significantly increase the speed of those attacks. Well known manufacturers such as Elcomsoft have succeeded in creating world's fastest commercial FPGA-based WPA2 password recovery system, but since they rely on high-performance FPGAs the costs of these systems are well beyond the reach of amateurs. In this paper, we present a highly optimized low-cost FPGA cluster-based WPA-2 Personal password recovery system that can not only achieve similar performance at a cost affordable by amateurs, but in comparison our implementation would also be more than $5$ times as fast on the original hardware. Since the currently fastest system is not only significantly slower but proprietary as well, we believe that we are the first to present the internals of a highly optimized and fully pipelined FPGA WPA2 password recovery system. In addition we evaluated our approach with respect to performance and power usage and compare it to GPU-based systems.

Category / Keywords: FPGA, WPA2, Security, Brute Force, Attacks

Original Publication (in the same form): IACR-CHES-2016