
WPA cracker in the cloud - mcxx
http://www.wpacracker.com/
======
tptacek
This is a great idea. Moxie Marlinspike is generally someone worth watching. I
didn't do the math on his cloud hosting, but he could double the price here
and it'd still be worth it.

What this site really says is, "don't use WPA-PSK on sensitive networks."

~~~
ryanwaggoner
What should the average home user with a standard linksys router use?

~~~
cool-RR
Worry about better things.

Seriously, what's your concern? There's a very low chance that someone will be
determined enough to use tools like these to hack into your LAN, and even if
he does that, so what?

~~~
viraptor
> There's a very low chance that someone will be determined enough to use
> tools like these to hack into your LAN

To use your LAN, no... but to use your internet? Imagine someone is determined
to get an internet connection already and doesn't care if it's legal or
not - he starts looking for information on wireless password hacking and finds
that site. Now his choice is between a contract + installation fee + monthly
fee -vs- 17$ once.

Why would you care? For example if your country/ISP uses a 3 strikes policy.
Or you don't want police asking about that child porn distribution network. Or
.... (many reasons)

~~~
ErrantX
A 135 million word dictionary still leaves lots and lots of keyspace for
choosing an unguessable "non dictionary" password :)

------
jodrellblank
If I could get to the cloud, I wouldn't need a WPA key cracker+..

(+Comment does not not endorse theft of wireless networking).

------
blhack
A lot of people seem to misunderstand what this is for. This isn't about
breaking into your neighbor's wifi, this is about professional penetration
testers more easily being able to crack wpa-psk.

------
jmatt
Think nosey neighbors. It's, of course, unethical, invasive and rude... but
that hasn't stopped any of my neighbors from looking in the windows when they
are open.

To me the valuable part is the dictionary. The rest of this is relatively
straightforward script kiddy HOWTO stuff. Most people I know have an extra
computer that is idling 95% of the time and could run a process for 5+ days.
It's the relatively instant gratification and ease of use that I like.

------
redcap
This professional looking webpage is brought to you by the following non-
professional-looking names:

A Thoughtcrime Labs Production In Association With The Institute For
Disruptive Studies

No one else thinks this is just a little bit dodgy? I know it seems to be par
for the course for some of the security scene, but still.

~~~
caf
Moxie Marlinspike is a well-known (if a little eccentric) security researcher.

------
sheldonwt
This really is a great idea. I think this style of cloud cracking might have
larger applications as well, outside of just PSK. Inexperienced users will pay
to crack systems like this.

~~~
cottsak
Indeed. Fantastic business opportunity.

------
mleonhard
Is WPA2 still safe from this kind of attack?

~~~
jrockway
Guessing the password? Yes.

~~~
Tuna-Fish
I have to clarify: It's not just about guessing the password. If you do guess
it, even on WPA2 you could just try logging in. Try too many times, and
someone might notice. But on WPA-PSK, you can capture some traffic, and then
run huge tables of passwords against it; you don't have to do any login
attempts until you find the right one. And yes, WPA2 is safe against that.

~~~
asmosoinio
From the FAQ <http://www.wpacracker.com/faq.html>:

----- But I use WPA2 so it's cool right?

Actually, while WPA2 introduced CCMP mode as a replacement for the problematic
TKIP, when run with authentication based on Pre-Shared Keys (PSK), it is still
vulnerable to dictionary attacks. Our service works against both WPA and WPA2
when PSK is being used.

~~~
Tuna-Fish
Thanks, it appears I was just plain wrong. Off to reconfigure some networks.
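
Added example, not part of the thread or of the wpacracker.com service: how a WPA/WPA2-PSK passphrase becomes a key (PBKDF2-HMAC-SHA1 salted only with the SSID), and how the 135 million word dictionary mentioned above compares with a randomly generated passphrase. The 62-character alphabet, the 20-character length and the sample SSIDs and passphrase are assumptions chosen for illustration.

```python
import hashlib
import math
import secrets
import string

DICTIONARY_WORDS = 135_000_000  # dictionary size quoted in the thread
ALPHABET = string.ascii_letters + string.digits  # assumed policy: 62 symbols


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1, SSID as salt,
    4096 iterations, 32-byte output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def random_passphrase(length: int = 20) -> str:
    """Passphrase drawn uniformly from ALPHABET with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def random_bits(length: int) -> float:
    """Guessing entropy of a random_passphrase() of this length."""
    return length * math.log2(len(ALPHABET))


def dictionary_bits(words: int = DICTIONARY_WORDS) -> float:
    """Work to exhaust a wordlist, expressed in bits."""
    return math.log2(words)


if __name__ == "__main__":
    weak = "password123"  # constructed sample of a guessable passphrase
    # Same passphrase and same SSID give the same key on every such network,
    # so keeping a default SSID lets precomputed guesses be reused.
    print(derive_pmk(weak, "linksys") == derive_pmk(weak, "linksys"))
    print(derive_pmk(weak, "linksys") != derive_pmk(weak, "home-7f3a"))
    print(f"dictionary: {dictionary_bits():.1f} bits")
    print(f"20 random chars: {random_bits(20):.1f} bits")
    print(random_passphrase())
```

The gap between the two bit counts is the point ErrantX makes: a wordlist of this size covers about 27 bits of guesses, while a random passphrase of the assumed length sits far outside it.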

