All the latest UK technology news, reviews and analysis
|
|
|
08 Dec 2009
A renowned security researcher has started a new service allowing companies to check the strength of their WPA-PSK encryption passwords.
Moxie Marlinspike, one of the team that revealed the possibility of hacking the Secure Socket Layer (SSL) at this year’s Black Hat conference, has started the WPA Cracker service for security testers and auditors.
The system uses a 400-processor cloud node to run a dictionary attack on WPA-PSK passwords. Marlinspike has developed the 135 million word dictionary specifically for this purpose.
“We offer two different cracking modes at two different prices. You can run your job against half of our CPU cluster for $17, or you can run it against the entire cluster for $34,” the service said in a statement.
“The half-mode will take at most 40 minutes to exhaust the entire 135 million word dictionary file (but hopefully we'd find your password before that), where as the full-mode will take at most 20 minutes.”
Marlinspike points out that a standard PC would take about a week to run a similar attack and the service would allow security audits in particular to check the strength of their WPA passwords.
Latest stories from Software
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
EU data protection overhaul contains "bureaucratic tick box-proposals", says information commissioner Christopher Graham in exclusive interview with V3
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
INSIDE SALES / BUSINESS DEVELOPMENT WEST LONDON...
QA Tester | Peterborough, Cambridgeshire...
TECHNICAL SALES / ACCOUNT EXECUTIVE / WEST LONDON / MARKET...
TECHNICAL SALES / BUSINESS DEVELOPMENT WEST LONDON...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Easily protect yourself
This type of brute-force attack does not apply to WPA/WPA2-Enterprise networks, which use 802.1X authentication. Even small businesses and consumers can now easily implement this advanced security using outsourced services like AuthenticateMyWiFi: http://www.NoWiresSecurity.com
Posted by: Eric Geier 21 Dec 2009
Weak excuse to play with big guns?
Wouldn't it be cheaper for a company to just calculate how strong password they need to have. Seems like its just another service for hackers with a do-good label attached on it. Newsflash: Ethical hacker steps in to the darker cloud for profit!
Posted by: Knut Kavring 09 Dec 2009