The was an interesting article on the Register this morning about a new cloud based service that allows you to brute force crack wireless WPA passwords. The service, run by Moxie Marlinspike of null byte prefix fame, claims it can compare your key against a 135 million word dictionary, optimised for WPA passwords, in around 20 minutes. It can achieve such speed by spreading the load over a 400 CPU cloud cluster.
Although the figures are impressive, the service falls way short of guaranteeing being able to crack your WPA password (Note, it doesn’t claim that it can). For an 8 letter key that uses upper and lower case and numbers, there are 2.18 x e14 possible combinations. This rises to 4.77 x e28 for a 16 letter password. Hence the chance of the service successfully finding your password depends on how closely it resembles a dictionary word.
Of course in reality, your WPA key almost certainly does resemble a dictionary word. If you want to make it safer but still keep it possible to remember, then increase its length as discussed here.
If you want to test the strength of you WPA password, you need to capture the WPA handshake using something like Aircrack-ng, then submit it to the site and hand over $17.
No comments:
Post a Comment