Cracking WPA networks with MacRuby (knoopx.net)
38 points by knoopx on Jan 15, 2012 | hide | past | favorite | 15 comments



Correct me if I'm wrong, but this isn't a brute force attack, it's a dictionary attack. A brute force attack would go through every iteration, like 00001, 00002...


true, it's a dictionary attack.

  keys = File.read("./dictionary.txt").lines.to_a.reverse


As a followup we will demonstrate that technically advanced attacks on the ssh protocol are unnecessary when we are breaking in to a predetermined account with the password 'aardvark'.


How is this news? Connecting to a WPA protected AP to brute force a single character (256 times) isn't particularly impressive or useful. The speed at which the connects happen still makes this impractical for large-scale attacks (or, attacks on an entire keyphrase).


What are the 256 keys the author cycled through? Does WPA only have 256 possible keys?


WPA does not only have 256 keys.

The author decided to show that if he knew all but one character of his network password, he could brute-force the missing character. To that end, he took all 256 possibilities for that character, and computed the resulting keys. Then tried connecting with those keys.

This shows a connection rate of 30 attempts/2 minutes which is 0.25/second. That is not practical for most attacks.
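Added example, not code from the post or from anyone in this thread: the key-derivation step that both the dictionary snippet quoted earlier and the 256-candidate case described in this comment have to pay for. WPA/WPA2-Personal turns the passphrase and SSID into the 256-bit PSK with PBKDF2-HMAC-SHA1 at 4096 iterations (IEEE 802.11i). Instead of trying to associate with the access point per guess, as the post does, this script compares each derived PSK against a known target PSK, which is only a stand-in for the MIC check an offline handshake cracker performs. All function names, the template "pass_ord", and the three-word wordlist are constructed for the example; the PSK for passphrase "password" on SSID "IEEE" is the published 802.11i test vector.

```ruby
require "openssl"

# WPA/WPA2-Personal derives its 256-bit Pairwise Master Key (the "PSK") from
# the passphrase and the SSID with PBKDF2-HMAC-SHA1 at 4096 iterations
# (IEEE 802.11i). Every guess, online or offline, has to pay for this step.
def wpa_psk(passphrase, ssid)
  OpenSSL::PKCS5.pbkdf2_hmac_sha1(passphrase, ssid, 4096, 32)
end

def wpa_psk_hex(passphrase, ssid)
  wpa_psk(passphrase, ssid).unpack1("H*")
end

# Dictionary attack: one candidate per wordlist line (the snippet quoted in
# the thread reads these from ./dictionary.txt; here the text is passed in).
def dictionary_candidates(wordlist_text)
  wordlist_text.each_line.map(&:chomp).reject(&:empty?)
end

# "All but one character known": substitute each of the 256 byte values at the
# unknown position, as the post did. (Real passphrases are 8..63 ASCII chars,
# so the 95 printable bytes would suffice; 256 mirrors the post.)
def single_char_candidates(template, position)
  (0..255).map do |b|
    candidate = template.b # binary copy, so setbyte is not encoding-bound
    candidate.setbyte(position, b)
    candidate
  end
end

# Stand-in for the post's "try to associate with each key": compare the derived
# PSK with a known target PSK. An offline handshake cracker does the same
# derivation per guess and then checks the captured 4-way-handshake MIC.
# Returns the first matching candidate, or nil if none matches.
def recover(candidates, ssid, target_psk)
  candidates.find { |pw| wpa_psk(pw, ssid) == target_psk }
end

if __FILE__ == $PROGRAM_NAME
  ssid = "IEEE"
  secret = "password" # constructed scenario: the passphrase being attacked
  target = wpa_psk(secret, ssid)

  # IEEE 802.11i test vector: passphrase "password", SSID "IEEE".
  puts "PSK(#{secret.inspect}, #{ssid.inspect}) = #{wpa_psk_hex(secret, ssid)}"

  # Dictionary attack over a constructed three-word list.
  words = dictionary_candidates("aardvark\npassword\nhunter2\n")
  puts "dictionary hit: #{recover(words, ssid, target).inspect}"

  # Single-character enumeration: attacker knows "pass?ord", position 4 unknown.
  guesses = single_char_candidates("pass_ord", 4)
  hit = recover(guesses, ssid, target)
  puts "single-char hit: #{hit.inspect} after #{guesses.index(hit) + 1} derivations"
end
```

Doing the derivation locally and comparing against a captured handshake is how real WPA crackers work; a single CPU core manages on the order of a thousand PBKDF2 derivations per second (a rough figure, not measured here), against the 0.25 association attempts per second quoted in this comment, which is why the online approach in the post is the slow path.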


Is there any reason the attacker would know all but one character? This seems pretty silly.


The way my cable modem is set up, there are only 16 bits of the WPA key that aren't shared with the MAC address in an obvious way. Because of the configuration, it's impossible for me to change this. So anyone with this knowledge can break into my network by changing two characters -- pretty trivial.


Who on earth do you have service with that doesn't let you set your own WiFi password?


Time Warner Wideband. I work around it by having a router behind the modem which firewalls off the rest of the network -- I treat the modem's side as completely untrusted. Not perfect, but it works.


I don't know who he has, but Time Warner does this in NYC. You have zero control over the configuration of the modem/router.


Sounds like a great defense in a file sharing lawsuit.

"Sorry, but I really have no idea how many people used my Wifi!"


But Time Warner will know it was just you :)


I've been wondering why no one has written an application yet that breaks into a WLAN network as an alternative to typing in a password.

Obviously there are some legal considerations in certain countries regarding development, possession and usage of such an application, but the risk seems to be rather small if you restrict network services, change the MAC and use end-to-end encryption. Besides, you might even get away with calling it a tool for penetration tests.


Great demo of a new MacRuby API, not so great demo of cracking a wireless network.

