

Cloud password-cracking tool requires only 20 minutes to crack passwords. - JayNeely
http://blogs.techrepublic.com.com/security/?p=4097

======
Groxx
> _Because it is a dictionary attack using a predefined 135-million-word list,
> there is no guarantee that you will crack the WPA key, but such an extensive
> dictionary attack should be sufficient for any but the most specialized
> penetration testing purposes._

Won't work against most high-profile targets, then. I find the use of this is
probably limited to either a) attacking idiots, or b) attacking idiotic
companies who have nobody who understands basic security.

~~~
rufo
> _attacking idiotic companies who have nobody who understands basic security_

Often, it only takes one idiot.

------
todayiamme
A really awesome and simple solution would be to ask users to use non-obvious
sentences as their password. Even better would be to ask them to use a
non-grammatical sentence with deliberate phonetic spelling variations.

Although that would be ineffective against a sophisticated brute force attack
to crack the encryption itself over a period of days, it would be an
awesome stopgap.

~~~
JayNeely
2011: Recent review of anonymized data finds 34% of users on major internet
services using "This is my password." as their password sentence.

~~~
todayiamme
You know, you could match it against a corpus and reject the password as being
too weak. Right now it's just a graphic, but if you become proactive about it
by education through a meme or something and reject passwords, then maybe
people will learn.

An astonishing number of those users love chain emails. It's certainly not an
exclusive set, so why don't we use that? Make it "cool", or something.
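
The corpus check suggested in the comment above, sketched as an added example that is not part of the original thread. The sample corpus, the substitution table, the length thresholds and the function names are all assumptions chosen for illustration; a real deployment would load a large word and phrase list.

```python
import re
import unicodedata

# Constructed sample corpus (assumption): stands in for a large phrase list.
CORPUS = [
    "This is my password.",
    "Let me in",
    "password",
    "correct horse battery staple",
]

# Simple character substitutions undone before comparison (assumed table).
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
)


def normalize(text):
    """Fold case, undo simple substitutions, keep only the letters a-z."""
    folded = unicodedata.normalize("NFKD", text).casefold().translate(SUBSTITUTIONS)
    return re.sub(r"[^a-z]", "", folded)


NORMALIZED_CORPUS = {normalize(entry) for entry in CORPUS}


def check_passphrase(candidate, min_length=12, min_extra=6):
    """Return (accepted, reason) for a proposed passphrase."""
    if len(candidate) < min_length:
        return False, "too short"
    key = normalize(candidate)
    # Spacing, case, punctuation and simple substitutions do not hide a match.
    if key in NORMALIZED_CORPUS:
        return False, "matches corpus entry"
    # A corpus entry plus a few extra characters is still a dictionary guess.
    for entry in NORMALIZED_CORPUS:
        if len(entry) >= 6 and entry in key and len(key) - len(entry) < min_extra:
            return False, "corpus entry with short padding"
    return True, "ok"


if __name__ == "__main__":
    for phrase in ["This is my password.", "Th1s 1s my p@ssw0rd!!",
                   "password2011", "purpul munky dansez sidewayz"]:
        print(phrase, "->", check_passphrase(phrase))
```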

------
fragmede
Title should also include the price - $35 for the most exhaustive search.

This kind of speed has been around for a while - at the cost of a $50,000 FPGA
box (e.g., <http://www.picocomputing.com/>). Too expensive for the home user,
but I'm guessing the NSA have spent way more, and have much faster computers.

A brute force on WPA is also _very_ parallelizable which makes it easy to
throw more machines at the problem.

