I'm just brainstorming here but I think I'm onto something.
Problem: WPA-PSK is vulnerable to attacks from pre-computed hash tables created by ESSID, but this is difficult to demonstrate in the field, and without using resources to create tables.
Proposal: A free online-based tool to audit WPA passwords.
- Webpage based: This was my original idea, but I see it being abused too easily; it's too hard to weed out skiddies. The best solution I came up with was asking technical questions; if nothing else it would teach use of Google. Otherwise I considered email-based auth for a manual approach, or just letting everyone in, but they all have serious caveats.
- Program (authentication at least) based: This program would request BT forums username and password to verify a minimum post count. In this method: login, get $Username via "Welcome $Username", get post count via "hxxp://wxw.backtrack-linux.org/forums/members/$Username.htm"; if post count > 10, upload cap to server and let it work its magic.
Result: One step closer to that big red button.
Notes: I'm willing to provide hardware and some time, but I'm not taking a loss to serve this; electricity and hosting isn't free. Ad-based income would likely be sufficient; on the same token, additional revenue would be donated to hfc. This will all be open source, and to get this operational in a timely fashion community support will be required. The convoluted auth process sucks (see issues), but how else can this be done without just passing it to something made on BackTrack servers, or passing creds to untrusted (me) servers? A database of new ESSIDs and passwords added over time could be very useful considering
Issues: Even with the proposed program auth process and a closed-source file pointing to the WPA-audit server, the server address could easily be sniffed and exposed to the skiddies (thought about SSL, but the host is still plaintext, isn't it? SSH tunnel maybe? (but then who hosts that?) proxy?). How to make money back (force popup to remain on screen until password found or max time?). Just go with webpage based (are we going in circles here?). I might be stepping on toes.
Option to test your area code's phone numbers - not added to DB.
Other such options: add a name or other profiling options to permutate.
More to come (hopefully).
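The point behind the "pre-computed hash tables created by ESSID" line deserves a concrete illustration, so here is an added example (my own code, not from the post or from any BackTrack project). WPA/WPA2-PSK derives the pairwise master key as PBKDF2-HMAC-SHA1 with the ESSID as salt and 4096 iterations, which is why a precomputed table is only good for the exact ESSID it was built for. The passphrase list and the ESSIDs below are constructed sample values; nothing here talks to a network or handles real captures. From a defender's view, the takeaway is that a unique ESSID and a long random passphrase each independently push an attacker back to the full per-ESSID PBKDF2 cost.

```python
import hashlib
from typing import Dict, Iterable, Tuple

# Fixed by the WPA/WPA2-PSK standard (IEEE 802.11i): 4096 rounds of HMAC-SHA1, 256-bit PMK.
PBKDF2_ITERATIONS = 4096
PMK_LEN = 32


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096, 32). The ESSID is the salt."""
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("utf-8"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        PMK_LEN,
    )


def build_pmk_table(ssid: str, passphrases: Iterable[str]) -> Dict[bytes, str]:
    """A precomputed PMK -> passphrase table for ONE ESSID.

    This is the kind of table the post describes: the 4096-round work is paid
    up front, once per (ESSID, passphrase) pair, and the lookup is then free.
    """
    return {derive_pmk(p, ssid): p for p in passphrases}


def table_hits(table: Dict[bytes, str], target_ssid: str, passphrases: Iterable[str]) -> int:
    """Count how many of the given passphrases a table would recover for target_ssid.

    Models the defender-side question: does a table built for ESSID A help at all
    against ESSID B, even if the same passphrases are in use?
    """
    return sum(1 for p in passphrases if derive_pmk(p, target_ssid) in table)


def ssid_salt_effect(passphrase: str, ssid_a: str, ssid_b: str) -> Tuple[bool, bytes, bytes]:
    """Show that the same passphrase yields different PMKs under different ESSIDs."""
    pmk_a = derive_pmk(passphrase, ssid_a)
    pmk_b = derive_pmk(passphrase, ssid_b)
    return pmk_a != pmk_b, pmk_a, pmk_b


# Constructed sample data (not from the post): a tiny candidate list and two ESSIDs.
SAMPLE_PASSPHRASES = ["password", "letmein123", "correct horse", "wpa2rocks"]
COMMON_SSID = "defaultssid"          # stands in for a widely reused vendor default
UNIQUE_SSID = "k7-lounge-2f3a9c"     # stands in for a renamed, site-specific ESSID


def demo() -> Tuple[int, int]:
    """Build a table for COMMON_SSID and measure hits against both ESSIDs."""
    table = build_pmk_table(COMMON_SSID, SAMPLE_PASSPHRASES)
    same = table_hits(table, COMMON_SSID, SAMPLE_PASSPHRASES)   # every entry matches
    other = table_hits(table, UNIQUE_SSID, SAMPLE_PASSPHRASES)  # nothing matches
    return same, other


if __name__ == "__main__":
    same, other = demo()
    print(f"hits against {COMMON_SSID!r}: {same}/{len(SAMPLE_PASSPHRASES)}")
    print(f"hits against {UNIQUE_SSID!r}: {other}/{len(SAMPLE_PASSPHRASES)}")
    differs, a, b = ssid_salt_effect("password", COMMON_SSID, UNIQUE_SSID)
    print("same passphrase, different ESSID, different PMK:", differs)
    print("PMK(password, IEEE) =", derive_pmk("password", "IEEE").hex())
```

The last print line uses the standard's own published test vector (passphrase "password", SSID "IEEE") so you can check the derivation against a known answer rather than trusting the code. Running `demo()` shows the whole argument in two numbers: the table recovers every sample passphrase for the ESSID it was built for and none for the renamed one, which is exactly why a table service has to be keyed per ESSID and why a non-default ESSID is a cheap mitigation on the defender's side.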