After taking part in the TI calculator key factoring project (512bit RSA is now factorable in about a month on a i7) I began to wonder about applying a similar attack against WPA.
Is there anything limiting the factoring of a WPA key?
no, I sieved a large part of the 0a key
Probably not - any weakness in the algorithyms will be in the sha1 algorithym - and before you jump to the thought of collisions, consider that the WPA key is hashed multiple times (4096 if memory serves) with the password and a few other bits and pieces (MAC address' if memory serves, among others), so any collision you find will have to be available to you from the very top.
Still not underestimating the power...
There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.