Oct 10, 2008

Brute-force attack on WPA/WPA2 passwords

It was only a matter of time before someone did this, really...

Russian company ElcomSoft has released a password "recovery" tool leveraging the computing power provided by nVidia GPUs. Breaking WEP is not even funny anymore, so how about "recovering" WPA/WPA2 passwords in pre-shared key mode (PSK)?

By combining several GPUs (this tool handles multiple clients out of the box), a brute-force attack on WPA/WPA2 PSK is now a credible threat.

Recommendations:
- If your gear supports it, use WPA2 instead of WPA (better encryption).
- For enterprise networks, try to avoid PSK and use EAP instead.
- In all cases, use long, truly random passwords: 20 characters minimum (including non-alphanumeric characters), no dictionary words allowed.
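
The last recommendation can be checked and enforced in code. The sketch below is an added example, not part of the original post or of any vendor tool: it audits a PSK against the rules above, generates a compliant one from the OS CSPRNG, and estimates exhaustive-search time. The word list and the guess rate are constructed assumptions, not measurements.

```python
import math
import secrets
import string

# WPA/WPA2 passphrases are 8 to 63 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LEN, MAX_LEN = 20, 63  # the post's minimum, the WPA maximum
# Constructed sample list; a real audit would load a full dictionary.
SAMPLE_WORDS = {"password", "wireless", "network", "welcome", "dragon"}

def audit_psk(psk, words=SAMPLE_WORDS):
    """Return findings against the recommendations; empty list means compliant."""
    findings = []
    if not 8 <= len(psk) <= MAX_LEN or any(not 0x20 <= ord(c) <= 0x7E for c in psk):
        findings.append("not a valid WPA passphrase (8-63 printable ASCII)")
    if len(psk) < MIN_LEN:
        findings.append("shorter than 20 characters")
    if all(c.isalnum() for c in psk):
        findings.append("no non-alphanumeric character")
    hits = sorted(w for w in words if w in psk.lower())
    if hits:
        findings.append("contains dictionary word(s): " + ", ".join(hits))
    return findings

def generate_psk(length=MIN_LEN):
    """Draw a passphrase from the OS CSPRNG, retrying until it passes the audit."""
    if not MIN_LEN <= length <= MAX_LEN:
        raise ValueError("length must be between 20 and 63")
    while True:
        psk = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit_psk(psk):
            return psk

def keyspace_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random passphrase."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at an assumed, constant guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    RATE = 1e6  # assumed guesses per second, for illustration only
    print(generate_psk())
    print(audit_psk("wireless2008"))
    for n, size in ((8, 26), (12, 62), (20, 94)):
        bits = keyspace_bits(n, size)
        print(f"{n} chars / {size} symbols: {bits:.0f} bits, {years_to_exhaust(bits, RATE):.2e} years")
```

Each extra random character from the 94-symbol alphabet adds about 6.5 bits, which is why length matters far more than the attacker's hardware.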

And may the Force be with you...
