There is No Such Thing as Wireless SecurityNovember 1st, 2008
Chad’s News has previously discussed the use of graphics cards to solve problems that can be broken into pieces and processed in parallel. Elcomsoft has jumped on this wagon and added GPU processing to its Distributed Password Recovery software, specifically for the WPA and WPA2 wireless formats (among others). According to this article, using two high-end graphics cards will decrease the computation time by a factor of 100. The linked article doesn’t give actual times for breaking encryption, but it does imply that brute force attacks can be successful—the web site says, “Recover the most complex passwords and strong encryption keys in realistic timeframes.”
Home users probably do not need to worry about people hacking into their wireless networks with this tool, because it should take significant resources to successfully break the encryption. I see it being used for things like industrial espionage, government spying, homeland security, crime forensics, etc.
The core lesson of this article is that it’s getting easier for a determined attacker to discover passwords and encryption keys. So beware.
Update: Ars Technica has specific information on the actual amount of time required to crack a password. For eight-character, lowercase, non-dictionary words, we’re looking at about a week.