ElcomSoft accelerates cracking WPA/WPA2 keys: The Russian firm offers what it delicately terms password recovery software. They've now paired their WPA/WPA2 key cracking with the power of graphics processing units (GPUs), the brains that drive video cards, which can carry out certain kinds of calculations vastly faster than a CPU, a computer's main processor. (Apple plans to tap GPUs for Snow Leopard, Mac OS X 10.6, due out next year.)
ElcomSoft claims a 100-fold increase in the ability to extract a WPA or WPA2 key by brute force. Further, their software can be used in a distributed fashion. A network of computers with fast graphics cards could provide the equivalent of multiple supercomputers' worth of focused cracking power.
Short WPA/WPA2 passphrases (which are hashed into keys) have long been known to be at risk from cracking and dictionary attacks. Five years ago, Robert Moskowitz let me publish his paper on weak passphrase choice, which showed how words in dictionaries used for passphrases could be broken if the phrase was overall less than 20 characters. Passphrases are hashed using a formula that includes the SSID (network name). Crackers have precompiled large dictionaries that use common SSIDs.
ElcomSoft uses brute force, which requires untold billions of attempts. Shorter keys, even with high degrees of entropy, could fall very fast.
But longer keys increase the difficulty of cracking inordinately. An 8-character WPA/WPA2 passphrase might fall in hours or even minutes, but a 9-character key would take some factor longer; a 16-character key might still need thousands of years to crack even with government-grade effort.
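The SSID-salted hashing and the effect of passphrase length described above, as an added example (not from the original post or from ElcomSoft). It uses the standard WPA/WPA2-Personal derivation, PBKDF2-HMAC-SHA1 with the SSID as salt; the guess rate is an assumed figure for illustration, not a measurement of any product.

```python
import hashlib

PRINTABLE_ASCII = 95        # characters permitted in a WPA passphrase (0x20-0x7e)
ASSUMED_RATE = 1_000_000    # guesses per second: an assumption, not a benchmark


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key from a passphrase and SSID.

    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def keyspace(length: int, alphabet: int = PRINTABLE_ASCII) -> int:
    """Number of distinct passphrases of exactly this length."""
    return alphabet ** length


def years_to_exhaust(length: int, rate: float = ASSUMED_RATE,
                     alphabet: int = PRINTABLE_ASCII) -> float:
    """Worst-case years to try every passphrase of this length at `rate`."""
    return keyspace(length, alphabet) / rate / (365.25 * 24 * 3600)


if __name__ == "__main__":
    # Same passphrase, different SSIDs: the keys differ, so a precomputed
    # dictionary only helps against the SSID it was built for.
    for ssid in ("IEEE", "linksys"):            # constructed sample SSIDs
        print(f"{ssid:10} {wpa_pmk('password', ssid).hex()}")

    # Each extra character multiplies the search space by the alphabet size.
    print("len  lowercase-only (years)  printable ASCII (years)")
    for n in (8, 9, 12, 16):
        lower = years_to_exhaust(n, alphabet=26)
        full = years_to_exhaust(n)
        print(f"{n:3}  {lower:22.3g}  {full:23.3g}")
```

Choosing a network name that is not a common default keeps a passphrase out of reach of dictionaries precomputed for common SSIDs, and the length columns show why each added character matters more than a faster card.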
WPA/WPA2 Enterprise shouldn't suffer from this weakness, because these systems generate long keys that aren't derived from passphrases.
ElcomSoft's Distributed Password Recovery starts at $599 for up to 20 clients, and scales to 10,000 clients.