Security Basics mailing list archives

Re: Dumb question abt. Wireless WEP security


From: Steve Frank <stevefrankrit () yahoo com>
Date: Tue, 20 Jan 2004 11:46:01 -0800 (PST)

Hello Everyone,

I went wardriving with a group of my friends for a
project around two semi-major roads in the outer-metro
Rochester NY area. The goal of our project was to
determine how many wireless access points were
operational; we also aimed to find out how many were
using WEP and default SSIDs.

Although I do not have my numbers with me as I am
writing this, we found something close to 320 access
points in a roughly 2 mile circle. Only one third of
those access points used WEP. Nearly all of the access
points had default SSIDs. One of the guys who came
along wardriving with us proclaimed that WEP couldn't
be broken that easily to which me and one of my good
friends said that it could definitely be broken
easily. After some debating we decided to look into
the matter further...

We found that most standard WEP implementations can be
broken in about 3-8 hours (assuming a small network of
around 3 devices constantly communicating). From what
I've been told from a variety of sources a 128-bit key
can be broken in less than a week's time even if the
number of systems using the access point is small.
Obviously the more traffic that is generated the
easier the job of cracking the key will become.

Further research indicated that even the 128 bit WEP
key had 40-something leading bits of plain text (which
apparently is required for the algorithm to work).
Those 40-something leading bits are the catalyst for
the cracking algorithm apparently.

If anyone has more information on the specific
duration it takes to break a WEP-key I would be very
interested to hear about it. (Don't forget to include
the number of hosts that are on the network if you can
determine it).

Thanks in advance,

Steven Frank

President,
SPARSA (Security Practices and Research Student
Association)
www.sparsa.org

--- "Vizo Bilisim Ltd." <vizo () vizo com> wrote:
Hi all,

There seems to be a general understanding that WEP is not
secure enough, because
theoretically WEP encryption can be broken.

The question is about the practical usage; how easy
it is for WEP to be
broken?

Does it suffice to sniff the wireless network for
one hour, or do we need to
sniff for a few days? What happens if the wireless
network is periodically
stopped let's say every 10 hours for 15 minutes?

Regards,

Veli I. Cigirgan
Vizo Bilisim Sistemleri Ltd.
Istanbul
Tel:+90(212)210 2657
Fax:+90(212)210 3678 





