Cryptsec

Everything posted by Cryptsec

  1. I think the only way right now to make WPA cracking feasible is to work with cloud resources. First, to the OP, 12 characters is just too long using an alpha-numeric (lowercase) set (as i8igmac noted). However, I have been working on AWS AMI GPU instances (using spot pricing so it's cheaper) and then taking advantage of Pyrit CUDA while distributing the brute-forcing among 10+ running instances. Further, if you get your hands dirty in trying to understand how the GPU functions, you can tweak this as well to increase speed.

     The Pyrit benchmark wasn't very good out of the box (one instance got me to 45K pmks/s), and having 3 running, let's say with 8 character psks, out of lowercase alpha and numeric, you would have 36**8 = 2,820,000,000,000 possible psks. At 45K/s, you get 62,691,331 seconds, which is 1,044,855 minutes, or 43,535 hours, or...1813 days.

     So I've gotten this closer to 100,000 psks/s, and wrote a Python script to distribute the crunch output to each instance (not sure if this is the best solution as you use bandwidth to distribute Crunch output, and that adds cost), and also have tried running Pyrit using twisted (Python library for async/multi-threading) although I'm not sure if this is helping or not...need to determine how Pyrit runs.

     But at the end of the day, if I get 15 instances each running 100,000 psks/s, then we have: 100,000 x 15 = 21 days. With costs (if I did my math right and assuming spot prices are correct): .70/hr (per instance) x 24 hours x 21 days = $352. Obviously you wouldn't likely run it for the entire 21 days as you would be successful before that...so let's say 1/2 of this on average, or 10.5 days @ $175.

     Besides processing power which I'm working on, the other thing that could potentially speed this up is dictionaries. Personally I don't think a dictionary is reliable unless you know the target very well and can generate masks or have a reasonable guess as to a portion of the psk.

     What I want to do is find the best wordlists, aggregate them all, remove all passwords under 8 characters (and my current list is around 25GB)... And this is why I read this OP, because I'd like to efficiently try to remove any words in the wordlist from Crunch, so I'm not just adding a dictionary followed by Crunch... But as I only know Python, I'm not sure if there isn't a way to do this where generating the words to be checked doesn't slow down the actual hash comparison in Pyrit.

     By the way, I still see endless debates over Pyrit vs. OclHashcat. Anyone have experience with both and can explain their preference?
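The keyspace, time and cost estimate discussed in the post, worked through as an added example (not part of the original post or of any tool it mentions), useful when choosing a passphrase length that stays out of reach of rented GPU capacity. The function and field names are illustrative; the rates and the $0.70 per instance-hour price are the figures quoted in the post, and the 8 to 63 character bound is the WPA passphrase length limit.

```python
# Added example: exhaustive-search time and cost for a WPA passphrase keyspace.
# Names are illustrative; rates and the $0.70/hr price are the post's figures.
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63  # WPA/WPA2 passphrase length limits


@dataclass
class Estimate:
    keyspace: int       # number of candidate passphrases
    worst_days: float   # wall-clock days to exhaust the keyspace
    avg_days: float     # expected days (half the keyspace on average)
    worst_cost: float   # USD to exhaust the keyspace
    avg_cost: float     # USD on average


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Count candidates of every length from min_len to max_len inclusive."""
    if not (WPA_MIN_LEN <= min_len <= max_len <= WPA_MAX_LEN):
        raise ValueError("WPA passphrases are 8 to 63 characters long")
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def estimate(charset_size, min_len, max_len,
             rate_per_instance, instances, usd_per_instance_hour) -> Estimate:
    """Time scales with 1/instances; cost does not depend on instance count."""
    if rate_per_instance <= 0 or instances <= 0:
        raise ValueError("rate and instance count must be positive")
    total = keyspace(charset_size, min_len, max_len)
    seconds = total / (rate_per_instance * instances)
    cost = (seconds / 3600) * instances * usd_per_instance_hour
    days = seconds / SECONDS_PER_DAY
    return Estimate(total, days, days / 2, cost, cost / 2)


def table(charset_size=36, lengths=range(8, 13),
          rate=100_000, instances=15, price=0.70):
    """One row per passphrase length for lowercase letters plus digits."""
    rows = []
    for n in lengths:
        e = estimate(charset_size, n, n, rate, instances, price)
        rows.append((n, e.keyspace, e.worst_days, e.worst_cost))
    return rows


if __name__ == "__main__":
    print(f"{'len':>3} {'keyspace':>22} {'worst days':>16} {'worst USD':>18}")
    for n, ks, days, usd in table():
        print(f"{n:>3} {ks:>22,} {days:>16,.1f} {usd:>18,.0f}")
```

Each extra character from a 36-symbol set multiplies both time and cost by 36, and adding instances shortens the wall-clock time without lowering the total bill.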