Act like a hacker with WPA Cracker

Written by John P Mello Jr on January 13, 2010

Does the security of your company’s WiFi networks keep you awake at night? Would you like to test the strength of the passwords to that network but can’t afford to tie up a computer for days or weeks to do it? Then a new service called WPA Cracker might be for you.

The recently launched pay-as-you-go service is aimed at “penetration testers.” It links some 400 computers in “the cloud” to accomplish in minutes what would take days or weeks for a single desktop or laptop.

Designed to crack WPA or WPA2 passwords when PSK is used, the service uses massive compilations of words to mount dictionary attacks on a wireless network. It will also crack passwords to zip archives.

The main dictionary used by the service contains 135 million English password possibilities tailored to networks protected by WPA or WPA2. In addition, there’s a 284 million word extended dictionary and a 100 million entry digit dictionary. The extended dictionary is not a superset of the standard dictionary. That is, words in the extended dictionary are not found in the standard one. The digit dictionary contains permutations of passwords composed of eight-character-long numbers. Each dictionary can be run against a network separately or in aggregate as a mammoth 520 million password resource. A German dictionary is also offered by the service.

Unlike the dictionary approach to WPA cracking, the service’s Zip cracking feature is a brute force attack. It will try every variation of a character set on the maximum length of a password. Attacks on other file types are planned for the future, according to the service’s Web site.

For pricing purposes, either the entire cloud cluster or half of it can be deployed. The half cluster option, which takes about 40 minutes to run, costs $17. For a full cluster attack, which takes about 20 minutes to run, the cost is $35. Similar assaults would take an average of five days if run from a single desktop computer, longer if launched from a notebook computer, according to the service.

Zip file attacks range from $34 to $102, depending on character set and password length.

Payments can be made through Amazon Payments and must be made whether or not a password is cracked. Of course, the sense of security a network administrator may feel when the service fails to break into his or her wireless network may be worth the price of failure.

There are a number of free alternatives to WPA Cracker. “Rainbow Tables,” for example, abound on the Internet–most notably at the Church of WiFi. Although those tables facilitate password attacks, they’re limited to individual network ESSIDs. Although thousands of tables have been created for the most common ESSIDs, if your network doesn’t have an ESSID for which a corresponding table has been created, then you’re out of luck. What’s more, when WPA encryption is enabled on a network, the ESSID is often changed to something less common than was used out of the box.
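Why precomputed tables are tied to one ESSID, shown as an added example that is not from the article or the WPA Cracker service: IEEE 802.11i derives the WPA/WPA2-PSK master key with PBKDF2-HMAC-SHA1 using the ESSID as the salt, so a network audit can flag a default ESSID or an all-digit passphrase. The function names, the short `COMMON_ESSIDS` list and the sample ESSID in the usage note are constructed for illustration.

```python
import hashlib

# Constructed sample of factory-default ESSIDs; a real audit would load the
# list of ESSIDs for which precomputed tables have been published.
COMMON_ESSIDS = {"linksys", "default", "NETGEAR", "dlink"}


def wpa_pmk(passphrase, essid):
    """Derive the WPA/WPA2-PSK pairwise master key.

    IEEE 802.11i defines it as PBKDF2-HMAC-SHA1 over the passphrase with the
    ESSID as salt, 4096 iterations, 256-bit output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), essid.encode("utf-8"), 4096, 32
    )


def audit_psk(essid, passphrase):
    """Return findings for the two exposures the article describes."""
    findings = []
    # Tables exist only for common ESSIDs, so a default name is a finding.
    if essid in COMMON_ESSIDS:
        findings.append("essid-has-precomputed-tables")
    # Eight-digit numbers are fully covered by a 100 million entry list.
    if len(passphrase) == 8 and passphrase.isascii() and passphrase.isdigit():
        findings.append("passphrase-in-8-digit-keyspace")
    return findings


def table_applies(table_essid, network_essid, passphrase):
    """A table entry helps only if it yields the network's actual key."""
    return wpa_pmk(passphrase, table_essid) == wpa_pmk(passphrase, network_essid)


if __name__ == "__main__":
    print(audit_psk("linksys", "12345678"))
    print(table_applies("linksys", "Depot-3F-Ops", "password"))
```

Running the audit against a constructed ESSID such as `Depot-3F-Ops` with a long passphrase returns no findings, and `table_applies` shows that a key computed for `linksys` does not match the key the same passphrase produces on that network.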

Another drawback to free alternatives is that their dictionaries are substantially smaller than the ones used by WPA Cracker. The Openwall Project, for instance, offers a free dictionary of some four million entries in 20 languages–including Afrikaans, Croatian, Czech, Danish, Dutch, English, Finnish, French, German, Hungarian, Italian, Japanese, Latin, Norwegian, Polish, Russian, Spanish, Swahili, Swedish, Turkish, and Yiddish–that can be used with programs like John the Ripper. For $28.25, the Project offers a CD with a larger list with some 40 million entries. It includes word mangling rules to discover passwords where capitalization or digits have been added to words. However, according to WPA Cracker, those dictionaries are better at cracking Unix passwords than they are at discovering WPA passwords. The dictionaries in WPA Cracker, the service maintains, are created with word combinations, phrases, numbers, symbols and elite speech that have been proven to be successful in attacks on WPA watchwords.

“Security is moving into the cloud … so the attacks will follow security into the cloud as well,” WPA Cracker’s creator Moxie Marlinspike told MIT’s Technology Review. “Password cracking is an obvious thing. Normally, it is cost-prohibitive to run CPU-intensive jobs. [With cloud computing] it costs a lot less money than doing it yourself.”
