WPA/WPA2 encryption is no longer considered secure ?

[Puppy]

Improved WPA and WPA2 password-cracking tool causes concern
http://www.heise-online.co.uk/security/ ... ews/111713

(followed link) WiFi is no longer a viable secure connection
http://www.scmagazineuk.com/WiFi-is-no- ... le/119294/

[bill bolton]

"Whether Elcomsoft's tool really represents a danger to WLANs using WPA remains to be seen. The attack is a simple brute-force one, using the computational power of multiple GPUs to accelerate the process. If strong passwords are used – that is, long and containing unpredictable sequences of characters – then the attack could still a considerable amount of time, even at 100 times the speed. The fastest password-breaking from this system will require a cluster of powerful workstations with multiple pairs of high-end dual-processor graphics cards, working possibly for some days, so it's not an attack that people will be launching from a PDA or smartphone, nor even from a car parked outside. A serious attack on a well-set-up WLAN will require grabbing a significant chunk of network traffic with a sniffer, then taking it offsite for processing. By the time the security has been broken, a tightly-secured network will have changed the keys anyway.

Weak passwords, on the other hand, are a problem, even without EDPR. In addition, TKIP is often used on corporate networks for encryption, meaning that the network key continually changes every few kilobytes during a session. Elcomsoft has not reported whether its new tool can also quickly attack such networks."

[moronoxyd]

Elcomsoft didn't find a flaw in the encryption algorithm, they only speed up the process of cracking it using brute force.

So, WPA/WPA2 secured networks are somewhat less secure, but when cracking WPA/WPA2 keys using brute force, we're still talking tousands of years, as long as you use a good key.

good means:
- long
- not to be found in any dictionary
- combination of upper and lower case letters, numbers, possibly special characters (as supported)
- keep the key secret, the more people know it, the more likely it is misused


And if you use a key that is one or two characters longer then the one you used up until now, you have approximately the same security as you had before.