WPA failing to protect wireless data, say experts


WPA failing to protect wireless data, say experts

Warwick Ashford

Standard Wi-Fi Protected Access (WPA) and WPA2 encryption systems are no longer strong enough to protect wireless data following the release of Russian password recovery software, say security experts.

The Elcomsoft password recovery tool enables criminals to tap into the computing power of the latest nVidia graphics cards to speed up encryption key cracking times by up to 10,000 times.

Ken Munro, director of the penetration testing division of NCC Group, said the software enables distributed supercomputing using the spare resources of PC graphics cards in a business to greatly increase the speed of cracking pre-shared encryption keys.

"Cracking WPA keys used to be very time consuming, but with the speed of [graphics card] processors now, wireless keys are starting to look vulnerable," he told Computer Weekly.

Munro said anyone using the personal or pre-shared key (PSK) versions of WPA and WPA2 should use the maximum length of key characters to make them more difficult to crack.

Users with the technical ability should also ensure they are using the stronger Advanced Encryption Standard (AES) WPA encryption cipher instead of the weaker Temporary Key Initiation Protocol (TKIP).

"Most corporates should be using the much more resilient enterprise versions of WPA and they will be safe, but I have known some to use the personal version and they should upgrade as soon as possible," said Munro.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy