Oct 13 2008
I’ll admit it: Sometimes I’m lazy and sometimes I hedge my bets a little. I didn’t have the time on Friday to look deeper into the real time requirements to hack a WPA password using Elcomsoft’s new tools. I knew the time needed was considerable, but I didn’t realize exactly how long it’d take: George Ou says it’d take 5793 years to crack a WPA password normally and even with a heftier computer than most of us will ever see, it’ll still take almost 6 years to break the key. And Robert Graham backs him up, saying all it takes is lengthening your key by one character.
I’d overestimated how much of an impact this could make on the security of a wireless network. I thought Elcomsoft might have come up with a viable attack against WPA, but in reality, this is just a marketing gimmick. No one’s going to devote 5+ years of computing power to hack a wireless network; first of all the information will probably be obsolete in that time frame, second, no one’s going to keep the same wireless network equipment and passwords for five years. At least I hope they won’t.
There are any number of easier, quicker ways to break into a network than trying to brute force the WPA passphrase, everything from social engineering to just breaking in and stealing the servers. Cracking the WPA will probably become easier as time goes by, but for now WPA is still a viable way to secure your wireless. Unless you’re doing something stupid like using dictionary words in your passphrase.