Russians start selling Wi-Fi encryption cracker
Even simple WPA passwords are at risk, they claim.
By John Dunn | Techworld | Published: 14:58, 16 January 2009
The Russian security company that caused a stir some months by talking up its cracking tool for recovering Wi-Fi encryption keys, has started selling its software to all-comers in a specially packaged product.
Normally, running a tool to do this on a conventional Intel Core 2 Duo desktop PC would take months to brute force even a single 8-character WPA/WPA2-PSK password, of which there are trillions of possible alpha-numeric combinations at that bit length.
Elcomsoft claims that Wireless Security Auditor 1.0 can perform the same function by capturing traffic from a Wi-Fi connection using a separate packet sniffer, processing the data through up to four high-end graphics cards in order to retrieve the password in a fraction of that time.
Although the software technique behind the software has been around for months, it now has a price - £599 for UK users.
The software supports hardware from either of the leading companies in the field, Nvidia and ATI, specifically the super-fast GeForce 8, 9, and 200, as well as ATI's Radeon HD 3000, with a minimum of 256MB of dedicated onboard RAM, on any version of Windows. The extra processing power simply speeds up the basic dictionary attack method of such software, cycling through combinations at a faster rate.
The company stops short of specifying a time to retrieve a complex password of 8 characters - the minimum allowed by WPA - but admins might infer from running the tool for any length of time that their passwords are at least secure to a minimum standard. Longer passwords, even quite simple ones, would almost certainly be beyond this tool, but therein lies the auditing usefulness of the tool.
One obvious concern is the illegal use of the tool to actually hack Wi-Fi networks, not just ‘test' them.
"Elcomsoft Wireless Security Auditor works completely in off-line, undetectable by the Wi-Fi network being probed, by analyzing a dump of network communications in order to attempt to retrieve the original WPA/WPA2-PSK passwords in plain text," says the company release, confirming the tool is designed to be used with invisible sniffers.
A disclaimer on the website makes this issue more explicit.
"The program that is licensed to you is absolutely legal and you can use it provided that you are the legal owner of all files or data you are going to recover through the use of our software or have permission from the legitimate owner to perform these acts. Any illegal use of our software will be solely your responsibility. Accordingly, you affirm that you have the legal right to access all data, information and files that have been hidden."
The answer is to make sure that the risibly weak WEP (wired equivalency protocol) encryption is not being used by Wi-Fi access points, and that WPA passphrases are more than 8 characters, preferably grown-up randomly-generated hashes created by dedicated tools. Hash generation tools typically exceed 20 characters. Admins should consider themselves warned.