ElcomSoft uses NVIDIA GPUs to speed up WPA/WPA2 brute-force attack

Russian security firm ElcomSoft has released software that leverages NVIDIA GPUs to speed up the brute-force cracking of WPA and WPA2 pre-shared WiFi keys.

Here's the meat from the press release:

ElcomSoft Co. Ltd. accelerates the recovery of WPA and WPA2 encryption used in the Wi-Fi protocol by employing the new-generation NVIDIA video cards. ElcomSoft patent-pending GPU acceleration technology implemented in Elcomsoft Distributed Password Recovery allows using laptop, desktop or server computers equipped with supported NVIDIA video cards to break Wi-Fi encryption up to 100 times faster than by using CPU only.

Elcomsoft Distributed Password Recovery supports both WPA and the newer WPA2 encryption used in the majority of Wi-Fi networks, allowing breaking Wi-Fi protection quickly and efficiently with most laptop and desktop computers. The support of NVIDIA graphic accelerators increases the recovery speed by an average of 10 to 15 times when Elcomsoft Distributed Password Recovery is used on a moderate laptop with NVIDIA GeForce 8800M or 9800M series GPU, or up to 100 times when running on a desktop with two or more NVIDIA GTX 280 boards installed. Governments, forensic and corporate users will benefit from vastly increased speed of breaking Wi-Fi protection provided by Elcomsoft Distributed Password Recovery.

Elcomsoft Distributed Password Recovery does more than WiFi passwords - you also get the ability to crack a number of documents and files such as Microsoft Office, PGP, ZIP, PDF, OpenDocument, and a number of others.

The power of Elcomsoft Distributed Password Recovery is down to its distributed nature.

Prices start at $499 for 20 clients, going up to $4,199 for 2,500+ clients.

Reality check time. Even a 100x speed increase isn't all that remarkable. If you're using sub 6 to 8 character passwords/passphrases, and you're leaving them in place for months (or years) at a time then you need to be worried. If you're using long pre-shared keys consisting of uppercase, lowercase, digits and common punctuation, you're still very safe.

For example, a 15 character password made up of uppercase, lowercase, digits and common punctuation is highly resistant to a brute-force attack. Even at the rate of 100,000,000 password attempts a second, cracking that could take 3.5 x 10¹² years. 

Note: Compare this to a 5 character password consisting of uppercase, lowercase, digits and common punctuation. Even at the modest rate of 50,000 password attempts a second, this could be cracked in about 13 hours!

Whether your system is resistant to this kind of attack really depends on the quality of your passphrase.