New cloud-based hacking service can crack Wi-Fi passwords in 20 minutes
Summary: A new, cloud-based hacking service says it can crack a WPA Wi-Fi network password in just 20 minutes.
A new, cloud-based hacking service says it can crack a WPA Wi-Fi network password in just 20 minutes.
Announced on Monday, the $34 "WPA Cracker" service is a tool for security auditors and penetration testers to test breaking into certain types of WPA networks.
The service leverages a known vulnerability in Pre-shared Key (PSK) networks usually used by home and small-business users.
To use it, the tester first submits a small file that contains an initial communication between the WPA router and a computer. Based on that information, WPA Cracker can then figure out whether the network is vulnerable to a type of attack.
According to the service's website:
WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over five days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes, for only $17.
The service was launched by security researcher Moxie Marlinspike. In an interview with PC World, he said that he got the idea for the service after discussing how to speed up WPA network auditing with other security experts.
The $34 price tag is for the whole cluster. Using half the cluster costs $17, but the job could take 40 minutes.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
And the site shouldn't be close down, and the owner arrested because...
How about just running a "rent-a-thief" service instead?
Because....
Non-illegal?
Kinda like arresting the cops for running an undercover sting?
Don't worry about the crooks
Nope, not 'splitting hairs'
legal. Now that I have seen this however..... I am
going to change my plain-text password for my
wireless router.
Don't need a password
MAC Filters
Because ... it's the INTERnet
and they set up in a host country that doesn't care as long as they keep paying the taxes and kickbacks to the corrupt third-world government and its officials.
Pass all of the laws you want. They don't care. They just go somewhere uncivilized, and keep stealing. Shut them down in one place today, and they'll be open again tomorrow in another country that has no extradition.
Nothing illegal
Just as with a hammer and screwdriver, you can build a house or a weapon using the same tools.
This is just a tool.
I think the MORE impressive precedent here is that we can effectively outpace Moore's law using cloud computing. So "the cloud" puts a supercomputer in your living room for a few hundred bucks.
Now anyone can do prime number searches without access to university or government resources, as long as they have the scratch to pay for a few hours (days?) of cloud-time.
By the way.... like the hammer, screwdriver, and WPA password cracker, prime number searches ALSO threaten encryption, so should we immediately cease and desist?
wait till the hash cracking services show up
For 64 Character Passwords
lower case letters, numbers, and special characters?
My thoughts exactly...
I wouldn't set-up a wireless network without WPA2 and without at least a 25 digit passphrase, usually longer.
It would be interesting to know if this service can cater for longer passphrases or not. If it is just doing single words and common phrases, then it won't help much...
As an aside, I though I would have to tell my girlfriend about secure passwords, as she doesn't like or understand computers. But I caught her typing in her password the other day, it was well over 30 characters! :-O
WPA-PSK cracking isn't practical with a 11 character random password
random password, and I don't care how big your cloud is.
This is a non-issue so long as you have even the most
basic PSK complexity.
Headline should have been "... can crack [b]weak[/b] Wi-Fi passwords...
RE: New cloud-based hacking service can crack Wi-Fi passwords in 20 minutes
RE: New cloud-based hacking service can crack Wi-Fi passwords in 20 minutes
This is a major problem with cloud computing. You're only as safe as their weakest link and it's usually a sys admin who uses system as the username and password as the password for a firewall system because they're too lazy to keep things on record somewhere else.
Mike
RE: New cloud-based hacking service can crack Wi-Fi passwords in 20 minutes
not to mention that looking at the website offering the service it requires you to capture the signal before uploading it for them to tell you the key, great so long as the person didnt setit up with more than one key which changes every few hours /
Go Cloud Computing
Lets put our computing and processing in the cloud.
Lets all access the Internet via Cable broadband and WiFi.
Lets all pretend that cloud computing is so great.
Regarding cracking WPA, try not using PSK?
I LOVE Ham Radio!
ZD8mm&CO2om!TU6xmd
Crack THAT with your 135-million-word dictionary!
And on the sticky note to remember it are the words
Mary&Carlos!Tocsin
People watching over your shoulder probably won't get it, unless they're using a video camera and can replay it several times.