Elcomsoft Wi-Fi auditor prompts security warnings
Elcomsoft is now shipping its Wireless Security Auditor 1.0, a Wi-Fi password cracking system based around research it showed in October 2008. The release has prompted security vendors to warn users to use stronger passwords on their Wi-Fi networks.
The software costs £599 and Elcomsoft state that it should only be used to test the security of networks and take no responsibility for its misuse. The Elcomsoft product uses high-end graphics cards to speed up the brute forcing of WPA/WPA2-PSK keys, reducing the time taken for a single PC to crack a password from months to hours. The software can make use of the computing power of up to four Nvida or ATI cards.
Security vendors such as GSS have noted that the typical Wi-Fi network is only using 8 character passwords. GSS's managing director, David Hobson, called the release "a wake up call to IT managers. Pure and simple" adding "IT managers should now move to 12 and even 16 character keys as a matter of urgency. It's not very user-friendly, but the potential consequences of staying with eight character keys do not bear thinking about".