WPA-PSK Cracking As a Service 175
An anonymous reader writes "Moxie Marlinspike, a security researcher well known for his SSL/TLS attacks, today launched a cloud-based WPA cracking service, where for $34 you can test the security of your WPA password. The WPA Cracker Web site states: 'WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes.'"
Re:One problem (Score:5, Funny)
I think the tool is not being sold to people wanting to crack into a WiFi network, rather selling to people so that they can test their WiFi network.
[x] Check this box if you are above the age of 18 and promise not to use this tool for malicious intends.
[BUY NOW!!!]
Re:And Slashdot is promoting this (Score:2, Funny)
Because this is news for nerds, stuff that matters.
Dumbass.
who uses WPA anyways? (Score:2, Funny)
Who uses WPA or WEP anyways? Either you leech your neighbor's unprotected WiFi, you live far enough away from other homes so that your signal doesn't leave your property, or you maintain a separate DMZ of wireless IPs that can't get into the good stuff, but can access the Internet.
Next people will say that MAC address security is actually meaningful.
Do you trust moxie? (Score:1, Funny)
Given his infamous reputation for exploiting SSL, do you trust moxie?
What happens if he says your passphrase survived the 20 minute test dictionary run, you put it in production, and he leaves the system running and breaks it later in a brute force attack? Would they tell you that it was cracked then?
$34? I can undercut that. (Score:4, Funny)
For $30 I'll run the command-line random number generator I found on the web and send you a 60 digit number.
If you act today, that's only 50 cents a number!
Re:Build a dictionary! (Score:5, Funny)
Re:One problem (Score:2, Funny)
If their password appears in a dictionary, even one of 135 million words, then you could probably impress that client with shadow puppets, or blowing bubbles.
Re:If it can be brute forced you're doing it wrong (Score:3, Funny)
I thought this [xkcd.com] was how you brute forced a password in less than 30 minutes.
Re:Well at least you can say Moxie has Moxie. (Score:5, Funny)
Pfft, that's only pseudo random data, why settle when you can get true random data
No "random" data that you get from the net should be trusted. I throw old 16-sided gaming dice to generate a transparent X-Y grid, which is then set over the top of my cat's litter box. The positions of the cat turds are normalized against a reference litter box and fed into a fancy matrix algorithm, the output of which is SHA4 hashed and truncated to make the WPA2 key.
Re:Build a dictionary! (Score:2, Funny)
Holy shit. How did you get my password?
Re:One problem (Score:2, Funny)
Any clued neighbor wouldn't be allowing others onto their wi-fi.
Considering my neighbour is hot, blonde and single, if she wants to use my connection to download pr0n I'm sure we can come to some sort of arrangement...
Re:Well at least you can say Moxie has Moxie. (Score:3, Funny)
"I trained your cat to turd in predefined locations. I'm now 0wning your box."
That string is my WPA-PSK password! How did you get it!