Moxie Marlinspike's project, WPA Cracker, uses a 400-CPU cluster to crunch the numbers on captured packets from wireless networks that are protected using WPA encryption. Users can collect packets from a wireless network using popular wireless sniffer tools such as Wireshark. They then upload their data via the service's website, and wait for it to find the target password.
WPA cracker offers two levels of service for penetration testers wanting to crack a wireless network password. The first, costing $17, uses half of the cluster's power, and returns results within 40 minutes. The second level of service costs $34 and returns results in half the time.
Marlinspike claimed that the system works better than existing rainbow tables. These are databases of hashes, pre-calculated using the popular SSIDs (network names) shipped by default with wireless routers. Rainbow tables are generated by combining popular SSIDs (such as 'default' or 'linksys') with hundreds of thousands of known words in the English language. Captured network packets can then be matched against the hashes, and if any are found to match, the password can be instantly referenced.
"Since each handshake is salted with the ESSID of the network, you have to build a unique set of rainbow tables for each network that you'd potentially like to audit", Marlinspike said on the WPA Cracker site, adding that the million or so words used to compile popular rainbow tables such as those offered by the Church of WiFi are not large enough.
"WPA Cracker provides a service that can crack the PSK of a network with any ESSID, using a dictionary that is several orders of magnitude larger."
This is not the first time that someone has set out to use computing-intensive equipment to crack passwords. Russian company Elcomsoft has used the floating point processors in graphics cards to accelerate the calculations needed to crack passwords.
Last year, Marlinspike published a tool called sslstrip that showed how man in the middle attacks could be mounted against SSL connections that began as straightforward HTTP sessions. Paypal subsequently suspended his account.