Is WPA Still Secure?

There was a media announcement recently from a Russian company called Elcomsoft claiming to be able to crack WPA encryption. What’s this about and how does it affect you?

WPA is the preferred encryption for wireless networks, the kind you probably have at home or in the office. Here’s a quick recap of where WPA fits in:

  • WEP – the old wireless security option. This is useless, it provides no real security.
  • WPA – this replaced WEP. Some old devices didn’t support it but most new ones do. WPA is good, highly recommended.
  • WPA2 – this is better than WPA

So what did Elcomsoft do?
They developed a way to speed up the time it takes to crack WPA and  WPA2 encryption. Here’s a short summary:

  • If you use a short password, say 10 letters long, it used to take 579,000 years to crack. With this new technology it would now take 5793 years, or 5 years if they purchase 1000 of these machines dedicated to hacking into your wireless network (at a cost of over $1m of hardware).
  • If you use a good password, e.g. 20 characters long, will now take 10,000,000,000,000 years to crack, or shorter if you have thousands of computers working together on this.

In other words the article is mostly hype. Making something 100 faster doesn’t mean much when we’re talking about trillions of years.

The short version is: use WPA/WPA2 and a long password when configuring your wireless network. Use at least 20 characters.

What I’ve written above applies to small networks such as home or small offices. For large networks you should be using a technology called Radius together with WPA, this is much more secure, extremely hard to crack, and of course more complicated and expensive to install and maintain.

Leave a Reply

Your email address will not be published. Required fields are marked *