WiFi cracking service breaks WPA passwords in 20 minutes

The cloud-based service - which costs $17.00 a time - reportedly uses a 400-node cluster of computers to run through around 130 million WPA password combinations in 20 minutes.

To use the service, users upload a capture of the handshake that takes place when a WiFi device starts negotiating a link with a WiFi access point, and the wpacracker.com site advises whether the password is crackable or not.

The security researcher behind the new service said that, whilst rainbow tables can be used to crack a WPA password, they have not been used in his database. In his explanation about rainbow tables, he noted that the Church of WiFi has uploaded a collection to the Net.

The problem with rainbow tables, Marlinspike said, is that "since each handshake is salted with the ESSID of the network, you have to build a unique set of rainbow tables for each network that you'd potentially like to audit".

Marlinspike added that the Church of WiFi has gone to heroic efforts to build tables for the 1000 most popular ESSIDs, "but we find that this is often not enough".

"If someone has enabled WPA encryption on their wireless network, chances are that they've changed their ESSID to something that's not very common as well."
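The ESSID salting described above can be seen in the standard WPA/WPA2-PSK key derivation (PBKDF2-HMAC-SHA1 with the ESSID as salt). The following is an added example, not code from the service or from the article; the word list, ESSIDs and passphrases are constructed, and the rate constant is simply the article's 130 million candidates in 20 minutes.

```python
import hashlib

# Rate quoted in the article: about 130 million candidates in 20 minutes.
RATE_PER_SECOND = 130_000_000 / (20 * 60)


def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """WPA/WPA2-PSK master key: PBKDF2-HMAC-SHA1, ESSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), essid.encode(), 4096, 32)


def build_table(words, essid):
    """Precompute PMK -> passphrase for ONE ESSID, as a per-network table does."""
    return {wpa_pmk(w, essid): w for w in words}


def table_covers(table, passphrase, essid):
    """True if a precomputed table contains the PMK this network actually uses."""
    return wpa_pmk(passphrase, essid) in table


def years_to_exhaust(alphabet_size, length, rate=RATE_PER_SECOND):
    """Years needed to try every passphrase of this alphabet and length at `rate`."""
    return alphabet_size ** length / rate / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample data: word list, ESSIDs and passphrase are made up.
    words = ["sunshine2010", "letmein123", "password1"]
    table = build_table(words, "linksys")
    print("same ESSID:   ", table_covers(table, "letmein123", "linksys"))
    print("changed ESSID:", table_covers(table, "letmein123", "flat-7b-upstairs"))
    for alphabet, length in [(26, 8), (62, 12), (62, 20)]:
        print(f"{alphabet}^{length}: {years_to_exhaust(alphabet, length):.3g} years")
```

A changed ESSID only invalidates precomputed tables; a passphrase that appears in a dictionary is still found by a live dictionary run, so the passphrase length and randomness figures are the ones that matter when choosing a key.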

Interestingly, Marlinspike appears to have developed the code that drives the 400-node network himself, rather than use the OpenWall dictionary as a number of experts have when developing their own personal software to complete the WPA cracking process.

In the service's FAQs, Marlinspike said that "in our experience the OpenWall dictionaries were tailored more specifically for Unix logins than for WPA networks".

"Our dictionary was meticulously compiled with WPA cracking in mind, and includes word combinations, phrases, numbers, symbols, and elite speak. It has worked quite well for us, and now we're hoping that it can be helpful for you."
