Elcomsoft Claims WPA/WPA2 Cracking Breakthrough

secmartin writes "Russian security firm Elcomsoft has released software that uses Nvidia GPUs to speed up the cracking of WPA and WPA2 keys by a factor of 100. Since the software allows them to network thousands of PCs, this anouncement effectively signals the death of wireless networking in business networks; any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether."

Re:Looks Like I'm Safe

[Sasayaki]

"Brute Force Attack will take up to 128299838271 years"

Look, I understand that's enough security for your mortals, but I plan to live forever. I don't want someone getting my data just after my 128,299,838,295th birthday!

Re:Looks Like I'm Safe

[Anonymous Coward]

Look, I understand that's enough security for your mortals, but I plan to live forever. I don't want someone getting my data just after my 128,299,838,295th birthday!

Ray Kurzweil, how ya doin'?

Re:F@H

[93 Escort Wagon]

I wonder how long it would take for the entire Folding@Home grid would take to crack a single WAP/WAP2 key. Can anyone do the math?

So that would be Cracking@home?

We're okay

[Anonymous Coward]

Hah! My company is okay- we're only using MAC filtering for our security, none of this insecure WEP/WPA crap.

Re:Looks Like I'm Safe

[ksd1337]

I don't want someone getting my data just after my 128,299,838,295th birthday!

Tell us if they release Duke Nukem Forever by your 128 billionth birthday.

..since as we know, ...

[Marcika]

... Most people use passwords. Some people use passphrases. Bruce Schneier uses an epic passpoem, detailing the life and works of seven mythical Norse heroes.

Please send me your password, so I can verify ...

[PolygamousRanchKid]

My Dearest Friend,

I am the Minister of the Nigerian Ministry of Butt-loads Of Networked Nvidia PCs (NMBNNP). We would like to test this software, but in order to determine if the software has successfully cracked the password, we need your login password, so that we can verify.

Afterward, you will be granted unlimited access to the NMBNNP grid.

Oh, and please send your bank information, as well.

Re:Why does wireless security suck so bad?

[eric2hill]

Almost, but your key may not be as truly random as you might think. Post your key here so we can verify it's really secure.

Re:You can get hard passwords

[darkonc]

Yeah, that's great.... But it doesn't work too well for the "I'll set up our 200 unit network for wireless in 2 hours" crowd. Those are the ones who are likely using WPA with PSK and easy-to-type-in passwords.

Re:Why does wireless security suck so bad?

[dgatwood]

Okay. My key is 1...

2...

3...

4...

...

...

5.

Re:Looks Like I'm Safe

[Korin43]

Look, I understand that it's inconvenient to change your passwords ever 128 Billion years, but that's the sort of inconvenience you'll have to live with if you want security..

Re:You can get hard passwords

[Anonymous Coward]

..no way... that is MY excact password to my wireless router.... how did you guess?!?!?

Re:Looks Like I'm Safe

[tftp]

I recently moved up 23 chars, but it won't calculate that for me.

Do not worry, the keylogger inside of your keyboard has plenty of memory.

Re:Looks Like I'm Safe

[GameboyRMH]

I was a little worried until I also read it was nothing more than a brute force attack using a faster processing unit.

My thoughts exactly. This is like fitting two bigass turbochargers and jumbo cams to a big 'ol American V8 and calling it a breakthrough in engine design. The headline should be "Elcomsoft turns WPA/WPA2 brute force attack speed up to 11"