WPA-PSK Cracking As a Service 175
An anonymous reader writes "Moxie Marlinspike, a security researcher well known for his SSL/TLS attacks, today launched a cloud-based WPA cracking service, where for $34 you can test the security of your WPA password. The WPA Cracker Web site states: 'WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes.'"
$34 you can test the security of your WPA password (Score:1, Informative)
Only an idiot would pay $34 to see if their password was '12345'.
You can get a nice entropic password for free. [grc.com]
It's actually $17 for 40 min. (Score:2, Informative)
...$34 is the super-fast price.
Re:Well at least you can say Moxie has Moxie. (Score:5, Informative)
https://www.fourmilab.ch/hotbits/secure_generate.html [fourmilab.ch]
https://www.random.org/passwords/ [random.org]
Re:400 CPU cluster or 400 node botnet? (Score:5, Informative)
Actually, in this case, it's very straightforward. He's using Amazon EC2. EC2 charges by the hour, and all you have to do is spin up the number of servers you want. In fact, I happened to run the numbers on what the costs are for running 50 "8-core" servers, and it happens to be...$34/hour. So, what he did was say, "If I run two jobs an hour, I make a small amount of money. If I run 4-5 jobs per hour, I make more money"
This is, of course, a textbook use case for EC2, and I'm surprised no one has done it sooner.
Re:Well at least you can say Moxie has Moxie. (Score:3, Informative)