Skip to main content

Elcomsoft Cracks WiFi Encryption Using GPUs; What are the implications?

We reported last week about Elcomsoft use of Nvidia's Graphic Processing Units (or GPU) to crack open WPA and WPA2 encryption schemes which have been recommended over the weaker and more vulnerable WEP. Now more details have emerged as to how it works.

Elcomsoft is based in Russia and is specialised in password recovery, which means that the applications the site sells, Microsoft Office Files, Adobe Acrobat, ICQ, Email Accounts, MS SQL Server (see the whole list here (opens in new tab)), should in theory also gain from the brand new Elcomsoft Distributed Password Recovery.

The company is a Microsoft Gold Certified Partner, Intel Software Partner, NVIDIA Developer which means that the applications it has developed have been met with a green light as far as the three aforementioned companies are concerned.

Elcomsoft says that two GTX280 boards could possibly speed up the cracking process by up to 100x (and not 10,000 as reported by some), which could further be improved using either more graphics cards or more powerful GPUs.

There are chances that criminals will employ this tool to crack open supposedly secured wireless encryption which could possibly give rise to "cheap" password cracking powerhouses using distributed computing.

So what can you do? Speaking to Computerweekly (opens in new tab), Ken Munro of NCC Group, said that users should use the maximum number of characters in order to make the keys more difficult to crack.

Alternatively, companies should try to deploy a stronger version of the WPA encryption, known as AES (Advanced Encryptipon Standard) WPA.

ZDNet adopts a more sombre (opens in new tab) approach to the whole debate with Christian Harris saying that some companies will push for hard wire in lieu of no wires. Maybe, they should try the Powerline solution which combines the two approaches (kind of).

Désiré Athow
Contributor

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.