WPA failing to protect wireless data, say experts

Standard Wi-Fi Protected...

Standard Wi-Fi Protected Access (WPA) and WPA2 encryption systems are no longer strong enough to protect wireless data following the release of Russian password recovery software, say security experts.

The Elcomsoft password recovery tool enables criminals to tap into the computing power of the latest nVidia graphics cards to speed up encryption key cracking times by up to 10,000 times.

Ken Munro, director of the penetration testing division of NCC Group, said the software enables distributed supercomputing using the spare resources of PC graphics cards in a business to greatly increase the speed of cracking pre-shared encryption keys.

"Cracking WPA keys used to be very time consuming, but with the speed of [graphics card] processors now, wireless keys are starting to look vulnerable," he told Computer Weekly.

Munro said anyone using the personal or pre-shared key (PSK) versions of WPA and WPA2 should use the maximum length of key characters to make them more difficult to crack.

Users with the technical ability should also ensure they are using the stronger Advanced Encryption Standard (AES) WPA encryption cipher instead of the weaker Temporary Key Initiation Protocol (TKIP).

"Most corporates should be using the much more resilient enterprise versions of WPA and they will be safe, but I have known some to use the personal version and they should upgrade as soon as possible," said Munro.



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.