Topic: WPA Cracker Cloud cracks Wi-Fi Passwords (Read 4170 times)
SecUpwN
Newbie

Posts: 43
One Mission.
Just picked up some "News" from here which I found quite interesting. Here's my share:

Administrators can now check their Wi-Fi networks for weak passwords without spending a lot of money. US vendor WPA Cracker offers the pertinent service. For $17, it will use half of its cloud of 400 CPUs to perform a dictionary attack on WPA keys. The attack is reportedly based on a list containing 135 million entries "created specifically for WPA passwords". According to the vendor, jobs generally take an average of 40 minutes. For twice the fee the results may be had in half the time.

However, WPA Cracker can provide no guarantees: If the key isn't contained in the dictionary, it won't be able to identify it. Prospective customers have to provide a network traffic sample created in PCAP format using a tool like Aircrack-ng and the sample must be no larger than 10 MB. According to the vendor, the dictionary attack is not only suitable for WPA, but also for WPA2. Another vendor recently demonstrated that the passwords used for encrypting PKZIP archives can in some cases be established for a cost of $2,000 using cloud services.

Reading many threads on various forums about accomplishing something similar to this, it seems like someone has finally put the idea into a service. In fact, many people have been dreaming of being able to brute WPA/WPA2 using a lot of computation power. Now who of you is going to test the service for us ASAP? Tell us your opinion on the "News" above!

-SecUpwN-

P.S.: Post has been edited at least 30 times. Either the Forums already went to bed or SMF's spam filter absolutely sucks.

Edit by Mister_X: Transforming tinyurl links into real links.
« Last Edit: May 31, 2010, 09:44:16 am by SecUpwN »
Checkout of the day: Pureh@tes WPA-Cracker! (please check purehate´s signature for the link)
Mister_X
FYI, there was no real good solution for spam when we had too much on the forum and something had to be developed to do it. It is currently doing its job pretty well by preventing around 100 spam attempts every day.

If you help us clean all spam every day, then I will stop that spam filter. Or you can email me the post (so that I can improve the spam filter) instead of whining.
SecUpwN
Newbie

Posts: 43
One Mission.
"FYI, there was no real good solution for spam when we had too much on the forum and something had to be developed to do it. It is currently doing its job pretty well by preventing around 100 spam attempts every day."

Good, I'll accept that as a plausible reason. Still I'm not sure why SMF was that picky on the post. It seemed like too long links were part of the spam filter's equation - and tinyurl did its best on this one. Thanks for the retransformation though.

"If you help us clean all spam every day, then I will stop that spam filter. Or you can email me the post (so that I can improve the spam filter) instead of whining."

Oh boy, hopefully you didn't see me shedding tears! Well, grant me a mod position and I'll help you clean as much as I can. Anyhow, what's your opinion on WPA-Cracker?

-SecUpwN-
« Last Edit: May 31, 2010, 09:43:56 am by SecUpwN »
Zermelo
Here's my brief opinion. You should definitely check out the website's faq: http://www.wpacracker.com/faq.html

The first thing you need to note is that it is not a bruteforce method, so there is no guarantee that the password will be recovered:

"What if you don't find my password?
The job costs the same whether we find your password or not. You're paying for either the recovery (which is most often the case), or the knowledge that if you were to build an exhaustive 135 million word dictionary file & run your handshake against it for five days, you'd find nothing."

The second thing you need to note is the size of the dictionary they are using & how much time, with whatever resources you have currently available to YOU, would be spent on trying to crack the password yourself:

"While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes, for only $17."

The 5 day time is estimated only on an average PC. If you have gpu acceleration available to you, or a really fast i7, you can get anywhere from 7000 pps to 24000 pps. In my case I have a 295 gtx with a Q9650 cpu, which gives me around 24000 pps. So for myself, it would take 135,000,000/24,000 = 5625 seconds = 93.75 minutes = 1.5625 hours. Which isn't that far off from their 40 minutes. & even with a 135,000,000 word dictionary, you will at best recover in my estimate less than 20% of passphrases, especially if the handshake obtained is retrieved from a commercial source. So what you would be paying for is most likely a reasonable assurance that the handshake is secure. Given the state of wpa, most people would pay for such a service if there was a realistic chance of password recovery, not just to test the security of a network to some reasonable degree.

Maybe if they could show that their password recovery rate is better than 50% (which I doubt realistically they could do) then that would be worth a reasonable fee, but as it stands most of the people whose interest would be piqued by this service are people who are looking at certainty of recovery, since they are actually trying to crack the password since in all likelihood they don't have permission to access the network, and persons of this ilk would probably be willing to have their computer on 3 to 5 days to attempt the crack. If you're a security professional, you probably have access to clusters & gpu acceleration, so I don't see much of an appeal to those professionals either.

So in essence you are paying them to save you a couple of hours or days of computing time to most likely tell you that your password was not recovered with their dictionary. The only way I think the service might be more appealing is to have a sliding scale fee for multiple password crack attempts. For example: $34 to test 1 handshake, $60 for 2, $80 for 3, $100 for 6, etc. Since this would increase the chances of recovery of at least one passphrase which would give some satisfaction to the customer and ensure that time was actually invested to attempt the crack. But I'm not sure the time tradeoff is worth such a pricing structure.
« Last Edit: December 10, 2009, 12:25:37 am by Zermelo »
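
The time estimate in the post above, extended to exhaustive search as an added example (not part of the original thread): it compares the 135-million-word dictionary with full keyspaces at the guess rates quoted in the thread, which shows why a dictionary run gives no guarantee. The key-derivation parameters (PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt) are the standard WPA/WPA2-PSK ones and are not stated in the thread; the keyspace rows and the SSID are constructed.

```python
import hashlib
import time

DICT_SIZE = 135_000_000        # dictionary size quoted in the thread
RATES_PPS = (7_000, 24_000)    # guess rates (passphrases/second) quoted in the thread

def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """Standard WPA/WPA2-PSK derivation: one 256-bit key per (passphrase, SSID)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def measure_pps(samples: int = 20) -> float:
    """Rough single-core derivations per second on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        wpa_psk(f"candidate{i:04d}", "ExampleSSID")  # constructed inputs
    return samples / (time.perf_counter() - start)

def seconds_to_try(candidates: int, pps: float) -> float:
    """Worst-case time to test every candidate at a given rate."""
    return candidates / pps

def keyspace(alphabet: int, length: int) -> int:
    return alphabet ** length

def human(seconds: float) -> str:
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.0f} seconds"

def report(pps_values=RATES_PPS):
    """Worst-case run time per candidate set, one entry per rate."""
    spaces = {
        "135M-word dictionary": DICT_SIZE,
        "8 lowercase letters": keyspace(26, 8),      # constructed comparison rows
        "8 letters and digits": keyspace(62, 8),
        "12 letters and digits": keyspace(62, 12),
    }
    return {name: [human(seconds_to_try(n, pps)) for pps in pps_values]
            for name, n in spaces.items()}

if __name__ == "__main__":
    print(f"this CPU, one core: ~{measure_pps():.0f} PSK derivations/s")
    for name, times in report().items():
        print(f"{name:24s}", " | ".join(times))
```

Because the SSID is the salt, a derived key is only valid for one network name, so precomputed work does not carry over between differently named networks.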
SecUpwN
Newbie

Posts: 43
One Mission.
Hey Zermelo, good to see you back!

"135,000,000/24,000 = 5625 seconds = 93.75 minutes = 1.5625 hours. Which isn't that far off from their 40 minutes. & even with a 135,000,000 word dictionary, you will at best recover in my estimate less than 20% of passphrases, especially if the handshake obtained is retrieved from a commercial source. So what you would be paying for is most likely a reasonable assurance that the handshake is secure."

Exactly. And have you noticed their payment options yet?

"We use Amazon Payments. All you need is a normal account with Amazon.com, and you can use it to pay us with a credit card."

Even *if* people would consider using their service, they'd probably like to stay as anonymous as possible. And with paying through Amazon.com, it's just the other way around. Much better would be if they would accept payment through PSCs (PaySafeCards). Hm... and while we're at it: Why not add live support for questions that haven't been answered in the FAQ?

-SecUpwN-
« Last Edit: May 31, 2010, 09:43:29 am by SecUpwN »
Alex69
Guest
There is something similar: www.recoverwpa.com

But you would have to pay after successful recovery and not up front. Personally I think that is the best site so far.