Some Russian researchers have published new software that uses NVIDIA GPUs to crack a WPA password about 100 times faster than was possible until now, or so they say.
I’ve done some reading on this, and I don’t think it’s much of an issue. A simple password is already easy to break. This application will make it easier. A complex passphrase, on the other hand, is hard to decipher, and all this does is make it a little easier, though it still doesn’t seem viable.
They haven’t really made a major breakthrough in cryptography. They just added more horsepower to the problem. If you’re concerned about this, then you should have been worried a long time ago. This kind of thing has been done for ages, only not with GPUs.
Add to this the fact that this kind of thing targets WPA Personal, which uses PSK, and not WPA Enterprise, which you should be using for your corporate network. Some people think that a geek would do almost anything to get Internet access, but this looks like way too much of an effort.
Even if you’re using WPA Personal, you should be thinking of a really long and difficult passphrase. You’re not required to type it every time, so it’s not a big deal to use 63 characters as your PSK. Gibson Research Group offers a Secure Password Generator to help you create a nice secret. I would recommend doing it yourself, though.
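One way to generate the passphrase yourself and to see what a 100x speedup changes, as an added example that is not from the original post. The baseline guess rate is a hypothetical figure chosen only for illustration, and the function names are this example's own.

```python
import math
import secrets
import string

# WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII characters.
PSK_MIN, PSK_MAX = 8, 63
# 94 symbols; space is legal in a PSK but left out to avoid edge-whitespace typos.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_psk(length=PSK_MAX):
    """Return a random passphrase drawn from the operating system's CSPRNG."""
    if not PSK_MIN <= length <= PSK_MAX:
        raise ValueError("WPA passphrase must be 8..63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a uniformly random passphrase of this length."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)

BASELINE_RATE = 1_000  # assumed guesses/second without a GPU (hypothetical)
GPU_SPEEDUP = 100      # the "about 100 times faster" figure quoted in the post

if __name__ == "__main__":
    print("New PSK:", generate_psk())
    cases = [("8 lowercase letters", entropy_bits(8, 26)),
             ("63 random printable characters", entropy_bits(63))]
    for label, bits in cases:
        before = years_to_exhaust(bits, BASELINE_RATE)
        after = years_to_exhaust(bits, BASELINE_RATE * GPU_SPEEDUP)
        print(f"{label}: {bits:.0f} bits, {before:.3g} -> {after:.3g} years")
```

Under these assumptions the short lowercase passphrase drops from years to weeks, while the 63-character one stays far out of reach either way.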
So, no VPN?
Actually, I do think the VPN approach is a good one. But not for this reason. It’s not uncommon to see every guest of an office granted WiFi access so they can browse the Internet. And that is where the real risk lies. Not in the cipher algorithm, nor in the security scheme used, but in those people you’re willingly granting access to your network.
This is where a VPN can help you: give Internet access to those people, and VPN access to those who really need and can access your corporate resources. But as you see, this is totally unrelated to WPA.