WPA-PSK Cracking As a Service 175
An anonymous reader writes "Moxie Marlinspike, a security researcher well known for his SSL/TLS attacks, today launched a cloud-based WPA cracking service, where for $34 you can test the security of your WPA password. The WPA Cracker Web site states: 'WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes.'"
Build a dictionary! (Score:5, Insightful)
So for $34 you can make sure your password is part of their dictionary?
Re:One problem (Score:4, Insightful)
And Slashdot is promoting this (Score:2, Insightful)
because?
Well at least you can say Moxie has Moxie. (Score:5, Insightful)
Re:One problem (Score:5, Insightful)
Alternatively you could actually not be an asshat, get on with your neighbour and negotiate with them (over a 6 pack of beer) to allow legal access in the event of an outage.
Re:One problem (Score:3, Insightful)
Isn't it cheaper, easier, and less douchebaggy to just get an aircard?
Re:One problem (Score:3, Insightful)
Because I really find value in testing my OWN network.
If you don't, then you don't really understand security.
The point is, these dictionaries are already available to the people with their evil bit set.
If you're going "nobody's going to figure out this password," especially if you're running a business, you really should be _making sure_ that nobody's going to figure it out, rather than going on faith.
Unless you have a multi-tens-of-millions word dictionary yourself, so you can make sure that your WPA passphrase isn't in it, you're not properly protecting your network.
Re:Well at least you can say Moxie has Moxie. (Score:3, Insightful)
But that's vulnerable to a statistical analysis of the preferred distribution of cat turds. Maybe you should randomise it by giving them catnip every time they take a dump?
Re:One problem (Score:3, Insightful)
Re:And Slashdot is promoting this (Score:3, Insightful)
And this matters because..
#1: It's IT-related
#2: It's Security IT-related
#3: Within IT, it has to do with one of the most prevalent technologies in use today.
#4: And finally, it's here, because it sure as hell ain't gonna show up on CNN or the nightly news "tech" corner. Well, at least not for another 6 months or so, when it's "breaking news" to them.