The once thought 8 character length password may no longer be safe, after the GPU-accelerated password recovery attack can break weak WPA/WPA-2 PSK passwords.
The Elcomsoft Wireless Security Auditor mentioned that its software can work completely off-line and find passwords by analyzing a dump of network communications, and display them in plain-text. The Wireless Security Auditor does require the source of a valid log of wireless communication.
Experts have urged IT managers to move from 8 character WMP passwords to 12 or 15, in a quote from David Hobson: "It's a wake-up call to IT managers, pure and simple. IT managers should now move to 12 and even 16 character keys as a matter of urgency. It's not very user-friendly, but the potential consequences of staying with eight character keys do not bear thinking about."
Places like Mumbai, India, have pushed law enforcement to take action with a wardriving police unit that locates insecure wireless networks, with laptops around the city, and notifies the owner of the network to secure their routers. Recent report suggestions that an estimated 88% of wireless networks in Mumbai are unsecured and encouraged police to take action to prevent the commission of a cognizable offence.
36 Comments - Add comment