WiFi Security – Not Dead Yet

Elcomsoft put out a press release about a new version of their password recovery software that cracks WPA/WPA2. I thought even this was old news. I thought I read months ago that Elcomsoft was doing that. Must have been the beta version.
What’s going on here is not a huge leap forward. This is merely cracking pre-shared keys as cowpatty has done for years. This just makes it faster.
If you’re already following standard security practice, nothing needs to change. Don’t use WPA-PSK to protect access to a corporate network. At home, you probably are not running freeRadius and are suck with WPA-PSK. Use long and complex keys, and change them periodically.
Robert Graham has a nice debunking blog entry.
GPUs make password bruteforcing easier. However as I’ve found in bruteforcing domain passwords, using a strong password is still a good defense.