It was only a matter of time before someone did this, really...
Russian company ElcomSoft has released a password "recovery" tool leveraging the computing power provided by nVidia GPUs. Breaking WEP is not even funny anymore, so how about "recovering" WPA/WPA2 passwords in pre-shared key mode (PSK)?
By combining several GPUs (this tool handles multiple clients out of the box), a brute-force attack on WPA/WPA2 PSK is now a credible threat.
- DO NOT USE WEP
- If your gear supports it, use WPA2 instead of WPA (better encryption)
- For enterprise networks, try to avoid PSK and use EAP instead
- In all cases, use long, truly random passwords : 20 characters minimum (including non-alphanumerical characters), no dictionary words allowed.
And may the Force be with you...