About the dictionnary attack, it's assuming the WPA is based on a passphrase... Which where I live is pretty much never the case ! And I believe dictionnary attacks are a sub-kind of brute force, so I stand on the point that the only way to crack WPA is brute force !
(Except if you go in the hole 196-ish thing...)