Polls

Is there an unsecured wireless network near you?
 
Clouds to Crack WiFi Passwords

wpa cracker parrotNow you can get any of your neighbouring WPA passwords cracked for US 34$, a new cloud-based hacking service can crack a WPA network password in just 20 minutes!

The WPA Cracker service bills itself as a useful tool for security auditors and penetration testers who want to know if they could break into certain types of WPA networks. It works because of a known vulnerability in Pre-shared Key (PSK) networks, usually used by home and small-business users.

To use the service, the tester submits a small “handshake” file that contains an initial back-and-forth communication between the WPA router and a PC. Based on that information, WPA Cracker can then tell whether the network seems vulnerable to this type of attack or not.

The service was launched by a well-known security researcher who goes by the name of Moxie Marlinspike. In an interview, he said that he got the idea for WPA Cracker after talking to other security experts about how to speed up WPA network auditing. “It’s kind of a drag if it takes five days or two weeks to get your results,” he said.

Hackers have known for some time that these WPA-PSK networks are vulnerable to what’s called a dictionary attack, where the hacker guesses the password by trying out thousands of commonly used passwords until one finally works. But because of the way WPA is designed, it takes a particularly long time to pull off a dictionary attack against a WPA network.

Because each WPA password must be hashed thousands of times, a typical computer can guess perhaps just 300 passwords per second, while other password crackers can process hundreds of thousands of words per second. That means that the 20-minute WPA Cracker job, which runs 135 million possible options, would take about five days on a dual-core PC, Marlinspike said. “That has really stymied efforts of WPA cracking,” he said.

WPA Cracker customers get access to a 400-node computing cluster that employs a custom dictionary, designed specifically for guessing WPA passwords. If they find the $34 price tag too steep, they can use half the cluster and pay only $17, for what could be a 40-minute job.

The attack will work if the network’s password is in Marlinspike’s 135 million-phrase dictionary, but if it’s a strong, randomly generated password it probably won’t be crackable.

So, what is an un-crackable WPA password?

Logically there isn't one! but it’s simple enough to generate a password that only the most dedicated hacker with considerable processing power and time could be bothered cracking.  Basically, it needs to be as long as possible, from as large an alphabet as possible (i.e. include numbers, and special characters), and to be as random as possible.

What you don’t want to do is to use anything approaching a natural language word or phrase. Luckily, a wireless password doesn’t need to be remembered (but its a good idea to make a note of it somewhere!). You’re not going to be typing it in every time you “log in,” you only have to enter it once when you set up your network connection, ensuring your computer is set to remember the password.

Sources: