Slashdot Mirror

← Back to Stories (view on slashdot.org)

Elcomsoft Claims WPA/WPA2 Cracking Breakthrough

Posted by timothy on from the it-budget-excuse-par-excellence dept.

secmartin writes "Russian security firm Elcomsoft has released software that uses Nvidia GPUs to speed up the cracking of WPA and WPA2 keys by a factor of 100. Since the software allows them to network thousands of PCs, this anouncement effectively signals the death of wireless networking in business networks; any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether."

3 of 349 comments (clear)

  1. Looks Like I'm Safe by linuxmeepster · · Score: 5, Interesting

    "Brute Force Attack will take up to 128299838271 years" at 500,000 passwords a second. ElcomSoft is claiming a 20x improvement in speed, but that won't make a dent into an exponential-sized problem. See http://lastbit.com/pswcalc.asp for calculation.

  2. F@H by Kooty-Sentinel · · Score: 5, Interesting

    I wonder how long it would take for the entire Folding@Home grid would take to crack a single WAP/WAP2 key. Can anyone do the math?

    --
    Your evaluation period for Productivity 1.0 has ended. Please purchase more coffee to continue using this product.
  3. Oh, pull the other leg... by subreality · · Score: 5, Interesting

    This is seriously overhyped. #1:

    This anouncement effectively signals the death of wireless networking in business networks;

    Bullshit. The underlying encryption is based on AES*. AES is not a toy algorithm, and is designed to defend against specialized cracking hardware, and all other known attacks. It is *plenty* strong enough to hold up to a 100X increase in cracking speed, as long as you use good keys, which hopefully you are in a business environment.

    I'm willing to believe that a key handling vulnerability might exist in WPA, or a flaw in AES, but the notion that brute force has brought about the death of WPA in business networks is just absurd. At best, this is a reminder to use good keys.

    any network handling sensitive data should start using VPN encryption on machines connecting over Wi-Fi networks, or stop using these networks altogether.

    Do you think your VPN software has a better underlying algorithm than AES?

    * Unless you're using TKIP, which is a toy algorithm, which exists for backwards hardware compatibility, and in my experience isn't used by anyone who cares about security... But even there, the potential attack vectors are through algorithm weaknesses, not brute forcing the keys.