1) It's a FACT that WEP/WPA can be broken given sufficient resources/interest.Originally Posted by Abraxas
2) If you're WPA cracking an AP that isn't your, then it's highly likely that you're breaking the law (of course there are exceptions to this rule of thumb but in the majority of cases it applies).
3) If it's not yours and you actually fall into one of those special cases you'd be better of simply getting the config/configuration guide used by the client and commenting on any deficiencies vs industry best practice than spending hours and client $ on pointless cracking (trying to prove something that is FACT). Additionally, you should perform a threat and risk analysis of their data/business/competitors, etc. (more on this below).
4) Yes you can get specialized hardware for this type of work.
5) Lets say you're "doing it for a friend" or something like that. Then #3 still applies and you're only costing yourself money. Lets assume your a consultant that gets paid $20 an hour, so you waste 4 hours (you said several, so I'm assuming 2 is a couple and 4 is several) plus say an hour for setup and analysis after completion. You've lost $100 in order to prove something known as FACT when you could have spent 15mins reviewing their config and tweaking it to follow industry best practice.
It doesn't take long to perform a quick TRA based on the reasonable man type tests:
1) Are there other open or more weakly configured APs nearby?
2) Is the data processed via the network or associated systems of sufficient interest to an attacker? How much time/energy/gear would they spend/consume to attack the target and access such data? (No the NSA doesn't care about your random word and excel docs at home, no an attacker isn't going to waste days trying to hack your AP and then a few more to hack your box to get your tax return [there are much quicker ways to steal someone's identity]).
3) Is the AP configured following industry best practices?
4) etc. (You get the idea, it doesn't have take long.)
