Cloud service to hack your WPA network in 20 minutes

Security researcher Moxie Marlinspike has come out with a cloud-based service to audit the security of a WPA network in just 20 minutes. The 400-node system works by performing a dictionary attack against a submitted snippet of the initial conversation between a PC with a wireless access point using WPA for security.

The service exploits are to a known vulnerability in WPA networks, and will not work if the password for the network is not found within Marlinspike's custom dictionary. Then again, the dictionary is also specially tailored for WPA hacking, and contains some 135 million phrases. The take-away here is to use a strong and randomly generated password for your WPA networks to foil dictionary attacks.

Anyway, the cloud service makes sense since a normal dual-core PC will take "about" five days to complete. "That has really stymied efforts of WPA cracking," noted Marlinspike, referring to the time taken to perform security audits. And yes, the service costs just $34, though customers have a $17 option if they are prepared to wait 40 minutes.

For more on this story:
- check out this article at Computerworld
- check out this article at PC World

Related Articles:
Security audits infrequent
Drowning in passwords
New attack opens the door to one minute WPA crack