Archive for December 4th, 2008

Elcomsoft’s Smoke & Mirrors

A few weeks ago, Elcomsoft reported that it had developed software to harness the power of a GPU to brute-force WPA/WPA2. What that could mean is that, for a scant $1,000 in hardware, one could break the encryption used on wireless networks. While this price may sound prohibitively high, running two top GPUs in SLI is fairly common in high-end gaming. People dedicated enough to break into corporate networks now have a means to do so.

That’s the theory, at least.

As one keen commenter pointed out, the reality and sheer mathematics behind it are mind-boggling. A WPA2 passphrase can be 63 characters, and using lower case, upper case, numbers, and symbols provides 94 choices for each character. If I use a 63-character password, that 63-character password could be one of 1.9 * 10^126 possible choices.

To have a 100% chance of brute-forcing this key in one year, one would still need to execute 6*10^118 tries a second.

It would be faster to attack the 256-bit hash, as this only has 1.1*10^77 permutations.

So if one could issue 3.6*10^69 commands per second, one could guarantee a break in one year. Let’s assume that it takes 10 flops (floating point operations) to test one key. As of August, SETI@HOME is executing an average of 150 teraflops (150*10^12). Therefore one would still need ~2.5*10^56 SETI@HOME projects to break one key in one year.

The most efficient computer uses 2.8 watts per GFLOP. Therefore it would take 2.5*10^59 watts to break one key. Since the average power usage for all people on the planet is 15 TW, we would need 1.5*10^46 times the current power output of the planet to break one key.

Unless someone is using a weak password, like “aaaaaaaa”, it’s rather unlikely someone would be able to successfully crack WPA2.
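The estimate above can be turned into a passphrase audit. This is an added example, not code from the original post or its commenter: it derives the WPA2-PSK master key the standard way (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output) and caps the search space at 256 bits, which is why attacking the key directly becomes the cheaper route for long passphrases. The function names, the sample SSID and the guess rate are assumptions made for illustration.

```python
import hashlib
import math

PMK_BITS = 256                      # WPA2-PSK derives a 256-bit pairwise master key
SECONDS_PER_YEAR = 365 * 24 * 3600
ASSUMED_RATE = 1e5                  # guesses/second: constructed figure, not a benchmark


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, PMK_BITS // 8)


def effective_bits(length: int, alphabet: int) -> float:
    """Search space in bits; never larger than the 256-bit key it maps onto."""
    return min(length * math.log2(alphabet), PMK_BITS)


def crossover_length(alphabet: int) -> int:
    """Shortest passphrase whose keyspace exceeds 2**256 for this alphabet size."""
    return math.floor(PMK_BITS / math.log2(alphabet)) + 1


def years_to_exhaust(length: int, alphabet: int, rate: float = ASSUMED_RATE) -> float:
    """Worst-case years to try every candidate at the assumed guess rate."""
    return 2 ** effective_bits(length, alphabet) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # The SSID salts the key: the same passphrase yields a different PMK per network.
    print(derive_pmk("aaaaaaaa", "example-ssid").hex())
    # (length, alphabet size): 26 = lower case only, 94 = the post's full set.
    for length, alphabet in [(8, 26), (8, 94), (12, 94), (20, 94), (63, 94)]:
        print(f"{length:2d} chars, {alphabet:2d} symbols: "
              f"{effective_bits(length, alphabet):6.1f} bits, "
              f"{years_to_exhaust(length, alphabet):.3g} years")
    print("256-bit cap reached at length", crossover_length(94))
```

Because the SSID is the salt, precomputed tables only apply to networks that share a name, so a non-default SSID combined with a long random passphrase is what keeps the worst-case figure out of reach.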

Why am I taking the time to point this out? The short explanation is that I’m tired of lesser admins and specialists preaching to me that WPA2-PSKs are insufficient safeguards for wireless security, especially in a business/enterprise setting. This is simply not the case. While it may be optimal to use WPA2 Enterprise setups in corporate environments, the reality is that many IT departments are run on a shoestring budget. The mark of a good IT consultant is not how fast, powerful, or secure they can make something with an unlimited budget… but how well they can make do on a budget resembling the McDonald’s dollar menu.

Some theorists suggest that link security, such as WEP and WPA, may eventually take a backseat to data security, such as VPNs.

So, for the time being, you can sleep soundly knowing that your WPA2 networks are secure… secure as you make them.

 

What’s killing PC Gaming?

PC gaming has been in a steady state of decline over the past several years. But what could be causing this?

Consoles have been elevated from a niche gaming market for Nintendo and Sega games to perhaps THE foremost platforms to release new games. I vividly recall scoffing at anyone who wanted to be taken “seriously” as a gamer whose primary game system was a console. However, it’s become obvious that consoles are no joke.

The biggest problem, it seems, is the ease of use that the console systems enjoy. There’s no updating your drivers, installing DirectX, waiting 30 minutes for your game to install, worrying about background applications, compatibility issues… nothing. You just put the game in the drive and play.

Why can’t PC games be made that easy?

Software support. Simply put, the console runs on software that’s already loaded with drivers, libraries, and programs required for games designed for that platform. The problem with PCs is also their biggest virtue: utility. PCs are useful for other things besides gaming, and as such they can’t be crammed full of gaming libraries because that would limit their functionality. As such, all the information needs to be loaded into memory. With such a mix of different hardware, it’s difficult for programmers to anticipate what consumers will have at their disposal.

Gaming companies are always quick to blame piracy for the flagging sales of PC games. While their complaints are somewhat justified, piracy is often used as an excuse for the poor sales of their games for the media and their investors. Tech-savvy computer users have almost no difficulty pirating games, in contrast to console systems that require physical modification in order to achieve the same ends.

The industry’s solution?

DRM. This is perhaps the dirtiest three-letter word of all time. Companies like EA, looking to safeguard their investment, have turned to draconian DRM and copy-protection schemes that only hurt the consumer. For instance, Electronic Arts turned to the failed SecuROM technology to protect Spore. The end result? EA faced a massive consumer backlash over SecuROM — Spore gets low reviews from consumers and sets records for the number of pirated copies downloaded in a 24-hour period.

Meanwhile, EA Execs blame the low reviews on “disgruntled pirates”, further proof that they just don’t get it. Pirates aren’t worried about DRM… they just get the hacked DRM-free versions anyways. It’s the end consumer that has to suffer through having it… and trying to get rid of it.

The long and short of it is, if PC gaming were as simple and hassle-free as console gaming, then PC gaming would probably once again be the premier platform for gaming.