Slashdot Mirror


WPA-PSK Cracking As a Service

An anonymous reader writes "Moxie Marlinspike, a security researcher well known for his SSL/TLS attacks, today launched a cloud-based WPA cracking service, where for $34 you can test the security of your WPA password. The WPA Cracker Web site states: 'WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes.'"
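Added example, not part of the original post or of the WPA Cracker service: it derives the WPA-PSK master key the standard way (PBKDF2-HMAC-SHA1 with the SSID as salt, 4096 iterations) and turns the figures quoted above into approximate guess rates, to show how long a passphrase that is in no dictionary would hold up. The function names are illustrative, and the rates assume the whole 135 million word dictionary is run in the quoted times.

```python
import hashlib

# Figures quoted in the summary above.
DICT_WORDS = 135_000_000        # dictionary size
CLUSTER_SECONDS = 20 * 60       # "an average of 20 minutes" on the cluster
PC_SECONDS = 5 * 24 * 3600      # "over 5 days" on a dual-core PC (so an upper bound on its rate)
SECONDS_PER_YEAR = 365 * 24 * 3600


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 32-byte output. Every guess costs one such derivation,
    and a precomputed table is only valid for one SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def guesses_per_second(words: int, seconds: int) -> float:
    """Approximate guess rate implied by running `words` candidates in `seconds`."""
    return words / seconds


def years_to_exhaust(alphabet_size: int, length: int, rate: float) -> float:
    """Years needed to try every passphrase of `length` characters drawn
    from `alphabet_size` symbols at `rate` guesses per second."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    cluster = guesses_per_second(DICT_WORDS, CLUSTER_SECONDS)
    pc = guesses_per_second(DICT_WORDS, PC_SECONDS)
    print(f"implied cluster rate: {cluster:,.0f} guesses/s, dual-core PC: {pc:,.1f} guesses/s")

    # Test vector from IEEE 802.11i (passphrase "password", SSID "IEEE").
    print("PMK:", wpa_pmk("password", "IEEE").hex())

    # Constructed comparison: passphrases NOT in the dictionary, brute-forced at the cluster rate.
    for label, alphabet, length in [
        ("8 lowercase letters", 26, 8),
        ("12 random alphanumerics", 62, 12),
        ("63 random printable ASCII (WPA maximum)", 95, 63),
    ]:
        print(f"{label}: {years_to_exhaust(alphabet, length, cluster):.3g} years")
```

A passphrase that appears in the dictionary falls within the quoted 20 minutes regardless of length; the table only applies to passphrases that do not.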

6 of 175 comments

  1. Build a dictionary! by Anonymous Coward · Score: 5, Insightful

    So for $34 you can make sure your password is part of their dictionary?

  2. Re:One problem by Korbeau · Score: 5, Funny

    I think the tool is not being sold to people wanting to crack into a WiFi network, rather selling to people so that they can test their WiFi network.

    [x] Check this box if you are above the age of 18 and promise not to use this tool for malicious intent.

    [BUY NOW!!!]

  3. Re:Well at least you can say Moxie has Moxie. by chill · Score: 5, Interesting

    I'll save 'em the full $34.

    Go here: https://www.grc.com/passwords.htm

    --
    Learning HOW to think is more important than learning WHAT to think.
  4. Re:One problem by vivian · Score: 5, Insightful

    Alternatively you could actually not be an asshat, get on with your neighbour and negotiate with them (over a 6 pack of beer) to allow legal access in the event of an outage.

  5. Re:400 CPU cluster or 400 node botnet? by mzito · Score: 5, Informative

    Actually, in this case, it's very straightforward. He's using Amazon EC2. EC2 charges by the hour, and all you have to do is spin up the number of servers you want. In fact, I happened to run the numbers on what the costs are for running 50 "8-core" servers, and it happens to be...$34/hour. So, what he did was say, "If I run two jobs an hour, I make a small amount of money. If I run 4-5 jobs per hour, I make more money."

    This is, of course, a textbook use case for EC2, and I'm surprised no one has done it sooner.

    --
    me@mzi.to
  6. Re:Well at least you can say Moxie has Moxie. by Power_Pentode · Score: 5, Funny

    Pfft, that's only pseudo random data, why settle when you can get true random data

    No "random" data that you get from the net should be trusted. I throw old 16-sided gaming dice to generate a transparent X-Y grid, which is then set over the top of my cat's litter box. The positions of the cat turds are normalized against a reference litter box and fed into a fancy matrix algorithm, the output of which is SHA4 hashed and truncated to make the WPA2 key.