WiFi WPA & WPA2 Schemes Face parrellel bruteforcing techniques

This type of attack isn't new at all, but it is still pretty interesting. Various researchers have been trying to use GPUs to enhance brute-forcing and dictionary attack power. Strong passphrases will still be able to resist the attack.

Article

WiFi is no longer secure enough to protect wireless data.

Global Secure Systems has said that a Russian's firm's use of the latest NVidia graphics cards to accelerate WiFi ‘password recovery' times by up to an astonishing 10,000 per cent proves that WiFi's WPA and WPA2 encryption systems are no longer enough to protect wireless data.

David Hobson, managing director of GSS, claimed that companies can no longer view standards-based WiFi transmission as sufficiently secure against eavesdropping to be used with impunity. He also said that the use of VPNs is arguably now mandatory for companies wanting to comply with the Data Protection Act.

He said: “This breakthrough in brute force decryption of WiFi signals by Elcomsoft confirms our observations that firms can no longer rely on standards-based security to protect their data. As a result, we now advise clients using WiFi in their offices to move on up to a VPN encryption system as well.

“Brute force decryption of the WPA and WPA2 systems using parallel processing has been on the theoretical possibilities horizon for some time - and presumably employed by relevant government agencies in extreme situations - but the use of the latest NVidia cards to speedup decryption on a standard PC is extremely worrying.

“The $64,000 question, of course, is what happens when hackers secure a pecuniary advantage by gaining access to company data flowing across a WPA or WPA2-encrypted wireless connection. Will the Information Commissioner take action against the company concerned for an effective breach of the Data Protection Act.”

Source:
www.scmagazineuk.com...