It all depend on the encryption scheme being used. If you brute force AES both flavors, you'll be at it for next two centuries. Android itself is not robust enough to do any serious network auditing like Linux. Your best bet is man in the middle attack where the unsuspecting goofball on the other end hands off their password.