Elcomsoft claimed its Password Recovery product, which can also be used in a distributed fashion across a network for faster cracks, could speed up WPA/WPA2 passphrase guessing by a factor of 100. But what did that mean in practical terms? How long a passphrase and how fast to crack it?
I got an answer from Elcomsoft's Andrey Belenko, who said via e-mail that when no dictionary words are involved, cracking is still quite intensive: perhaps three months to crack a lowercase-only random eight-character password using a PC with two Nvidia GTX 280 video cards. That's on the order of what seems reasonable, given the underlying algorithm's strength. There are 200 billion possible passphrases in this format, and there is substantial hashing overhead in turning a passphrase into the WPA/WPA2 key material.
Belenko said that Elcomsoft's key recovery rate was 400 passwords per second on a mid-range Core 2 Duo before GPU acceleration; that rose to 12,500 per second with a single GTX 280, and 50,000 with the Tesla S1070 ($8,000 street price). For about $15,000 worth of hardware, Belenko believes that an 8-character lowercase password could be cracked in perhaps a week, a dramatic drop in cost relative to recovery time and key length.
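
The figures above can be checked, and turned into a passphrase-length requirement, with a short calculation. This is an added example, not code from the article or from Elcomsoft; it assumes two GTX 280 cards scale linearly to 25,000 guesses per second, and it uses the standard WPA/WPA2-PSK derivation (PBKDF2-HMAC-SHA1, 4,096 iterations, SSID as salt) to show the per-guess hashing overhead.

```python
import hashlib

SECONDS_PER_DAY = 86_400

# Guess rates quoted in the article, in passphrases per second.
RATES = {
    "Core 2 Duo, no GPU": 400,
    "1x GTX 280": 12_500,
    "2x GTX 280": 25_000,  # assumption: two cards scale linearly
    "Tesla S1070": 50_000,
}


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit pairwise master key as WPA/WPA2-PSK does.

    Each guess costs 4,096 PBKDF2-HMAC-SHA1 iterations salted with the SSID.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def keyspace(alphabet: int, length: int) -> int:
    """Number of random passphrases of this length over this alphabet."""
    return alphabet ** length


def days_to_exhaust(alphabet: int, length: int, rate: float) -> float:
    """Days needed to try every candidate at `rate` guesses per second."""
    return keyspace(alphabet, length) / rate / SECONDS_PER_DAY


def rate_for_deadline(alphabet: int, length: int, days: float) -> float:
    """Guesses per second needed to cover the whole keyspace in `days`."""
    return keyspace(alphabet, length) / (days * SECONDS_PER_DAY)


def min_length(alphabet: int, rate: float, target_days: float) -> int:
    """Shortest random passphrase that takes at least `target_days` to exhaust."""
    length = 8  # WPA passphrases are 8 to 63 characters
    while days_to_exhaust(alphabet, length, rate) < target_days:
        length += 1
    return length


if __name__ == "__main__":
    print(f"26^8 = {keyspace(26, 8):,} candidates")
    for name, rate in RATES.items():
        print(f"{name:>20}: {days_to_exhaust(26, 8, rate):8.0f} days")
    print(f"rate needed for one week: {rate_for_deadline(26, 8, 7):,.0f}/s")
    print("lowercase length for 100 years vs S1070:", min_length(26, 50_000, 36_500))
    print("PMK:", wpa_pmk("password", "IEEE").hex())  # constructed sample input
```

The two-card figure comes out at about 97 days, matching the "three months" estimate, while the one-week estimate implies a combined rate of roughly 345,000 guesses per second.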