

Crack WPA on the cloud - SteveOS
https://www.cloudcracker.com/

======
zdw
Ah, so don't use any of the 300,000,000 words in their dictionary -
<https://www.cloudcracker.com/dictionaries.html>

Any simple password generator (say, Apple's Keychain, or pwgen) should be able
to generate a non-dictionary key of length 12-16 characters in a few seconds
that would withstand this and most similar techniques for the next few years.
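
Added example, not part of any comment in the thread: a sketch of the comparison the comment above makes, generating a random 12-16 character WPA passphrase and setting its entropy against the upper bound for any entry in a 300,000,000-word dictionary. The function names, the 62-character alphabet and the sample wordlist are assumptions made for illustration.

```python
import math
import secrets
import string

# WPA/WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
WPA_MIN, WPA_MAX = 8, 63
# Assumed alphabet: letters and digits only, easy to type on any device.
ALPHABET = string.ascii_letters + string.digits


def generate_passphrase(length=16, alphabet=ALPHABET):
    """Return a passphrase drawn uniformly from `alphabet` using the OS CSPRNG."""
    if not WPA_MIN <= length <= WPA_MAX:
        raise ValueError("WPA passphrases must be 8-63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def dictionary_bits(word_count):
    """Upper bound on the entropy of any passphrase taken from a wordlist."""
    return math.log2(word_count)


def audit(passphrase, wordlist):
    """Return a list of problems found; an empty list means none of these apply."""
    problems = []
    if not WPA_MIN <= len(passphrase) <= WPA_MAX:
        problems.append("length outside 8-63")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        problems.append("non-printable-ASCII character")
    if passphrase.lower() in wordlist:
        problems.append("present in wordlist")
    return problems


if __name__ == "__main__":
    sample_wordlist = {"password", "letmein123", "linksys2012"}  # constructed sample
    candidate = generate_passphrase(12)
    print(candidate, audit(candidate, sample_wordlist))
    print("random 12 chars: %.1f bits" % entropy_bits(12, len(ALPHABET)))
    print("300M-word dictionary: %.1f bits at most" % dictionary_bits(300_000_000))
```
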

~~~
sukuriant
Where did you get 300m words from? Reading that page, I gathered they had many
billion words in their dictionary at the highest price...

~~~
lastkarrde
The big sticker in the top right hand corner of the main page
(<https://www.cloudcracker.com/css/images/sticker3.png>).

------
mattmaroon
I love how they quoted Hacker News, as if Hacker News is some sort of
editorial team.

~~~
icebraining
It was actually tptacek: <http://news.ycombinator.com/item?id=982197>

~~~
AndyKelley
If so, they misquoted tptacek.

------
bnewbold
Formerly known as moxie's wpacracker, now with stripe.com payment processing
and an API.

~~~
icebraining
Previous discussion: <http://news.ycombinator.com/item?id=982159>

------
thereallurch
At least someone found a use for all those old bitcoin mining rigs...

------
cypherpunks01
And if you lose your important WPA key and can't recover it via dictionary
attack, there's always reaver-wps: <http://code.google.com/p/reaver-wps/>

~~~
catch23
only if they have wps enabled...

~~~
icarus_drowning
A depressingly large number of recently manufactured routers _do_, and it is
on by default by mandate of the WiFi alliance. If the router is Cisco/Linksys,
in many instances you _can't_ disable it, at least as I understand it.

------
veverkap
But if you can't get on Wifi, how do you reach the cloud? :)

------
jasonzemos
I <3 Moxie Marlinspike and all of his work. It's great to see this project is
alive and well again.

------
kevs
I'm not sure what they're using but if I recall from when this has come up
before Amazon's EC2 ToS prohibits this usage.

~~~
martey
From a Reuters article about a similar program by German security researcher
Thomas Roth [1]:

_"Nothing in this researcher's work is predicated on the use of Amazon EC2.
As researchers often do, he used EC2 as a tool to show how the security of
some network configurations can be improved," said Amazon spokesman Drew
Herdener._

[1]: <http://uk.reuters.com/article/2011/01/07/us-amazon-hacking-idUKTRE70641M20110107>

------
philjohn
It's times like these I'm glad my WPA password is 63 characters long. It's
easy for me to remember though as it's a long sentence. Bit of a pain when
setting stuff like Apple TV up though :/

------
nodata
I'd like to see prices for both WPA _and_ WPA2 encryption.

------
dfc
What pentest team does not have this capability in-house?

------
csomar
I don't have any knowledge in Wireless networks. Any idea how to use that?
Where do I get the handshake file and ESSID?

------
peterwwillis
Unfortunately pentesters can't send their capture files to third parties, so
this has limited uses.

~~~
windexh8er
Why not? A WPA handshake can be considered public information. Connecting to
that particular ESSID yields all that's needed to brute force WPA and would be
considered external. There are no limitations this presents to pen testers.
However, for $17 this is a relatively small dictionary set. Based on what we
use for real world pen testing we have just shy of 1 billion unique words /
phrases.

~~~
peterwwillis
Technically it's public but you need to be responsible with how you deal with
your client's data. Even if the NDA says nothing about releasing handshake
details, you still have to explain to your client why a WPA-cracking website
has details about their infrastructure.

I agree the convenience is attractive but I wouldn't want to put myself in
that position.

~~~
windexh8er
Interesting thought, but the reality of the situation is quite different. If
something is in the public domain (i.e. something you can see, hear or smell)
what provisions within the realm of the law protect you from using that
sensory data? A company's parking lot may have provisions for me not entering
it (i.e. guard, fence, etc.), but if I perch myself on a parking ramp across the
street and use a camera with a powerful lens I can still take pictures of cars
and people within the lot.

The same is true for radio, and conversely 802.11. If you expose yourself to
data leakage via loud APs / incorrect antenna then it should be well
understood that that information is being placed in the public domain (i.e.
WPA handshake). A would-be malicious user is not bound by any of the
restrictions mentioned, and so placing them on people that are knowingly
auditing is highly counterproductive unless all the client is going for is a
warm fuzzy. This particular way of thinking about pen testing and assessments
needs to be at the forefront of the testing itself, because if the client is
that misinformed/misled they probably need more help than an incorrectly
scoped assessment.

------
chris123
Interesting. Trend.

