Assume you wish to crack an 8-character password consisting of all lowercase English letters. That means:
26^8 = 208,827,064,576 different passwords.
208.8 Billion * (1 second / 215 keys) * (1 hour / 3600 seconds) * (1 week / 168 hours) = 1605.9 weeks = 30.88 years(!)
If you can crack faster, change the 215 keys to a larger number. As of 10-Jun-2009, pyrit’s author reports a quad-SLI equipped machine running 4 GTX-295 cards will do 84,718 keys per second. That means:
208.8 Billion * (1 second / 84,718 keys) * (1 / 604800) = 4.0756 weeks.
Running a brute force for 4.0756 weeks is within the realm of possibility.
I expect follow-up posts explaining why 8 lowercase letters will probably not be chosen by the typical router admin, but the numbers speak for themselves. My point is that the "low-hanging fruit" of weak WPA passwords just got a bit easier to discover, with time and money.
As always, only run a crack against your own WPA password, collected from your own network, or one you have permission to test. Let's not break any laws folks.
pyrit - Google Code