Oct 10 2008
According to The Register, Russian company Elcomsoft has made a major jump in cracking WPA and WPA2 passwords using Nvidia graphic cards to brute force the passwords. They say that a system with two Nvidia GTX 280 video cards in it can crack the passphrase 100 times faster than anything before.
Does that mean it’s time to shut down all you’re wifi and only use your wired network? Not really, since this requires specialized hardware and software. Not everyone can afford $800 just for two video cards, let alone the $600 for Elcomsoft’s software and the ~$500 it costs to buy rest of the parts required to build a computer. That’s not a trivial investment for most of us, especially right now.
If this was a piece of open source software that ran on any GPU, I’d be scared. It’d be a real blow to wireless encryption technology. But given the cost of the product and hardware, I doubt many people will be breaking WPA passwords in the near future. However, the people out there who are targeting specific businesses looking looking for specific information will love this tool and use it often. Can you say “corporate espionage”?
Don’t abandon your wifi yet, but continue to take the precautions you should be taking anyway. Put your wireless on it’s own network, make your users VPN into the corporate network and add as many additional layers of security as your company lets you. Issues like this are why security professionals continually use terms like ‘defense in depth’; when one layer of security fails, you need to have other protections in place to make sure you aren’t pwned like TJX.