Security Basics mailing list archives
Re: Dumb question abt. Wireless WEP security
From: Steve Frank <stevefrankrit () yahoo com>
Date: Tue, 20 Jan 2004 11:46:01 -0800 (PST)
Hello Everyone, I went wardriving with a group of my friends for a project around two semi-major roads in the outer-metro Rochester NY area. The goal of our project was to determine how many wireless access points were operational; we also aimed to find out how many were using WEP and default SSIDs. Although I do not have my numbers with me as I am writing this, we found something close to 320 access points in a roughly 2 mile circle. Only a one third of those access points used WEP. Nearly all of the access points had default SSIDs. One of the guys who came along wardriving with us proclaimed that wep couldn't be broken that easily to which me and one of my good friends said that it could definately be broken easily. After some debating we decided to look into the matter further... We found that most standard WEP implementations can be broken in about 3-8 hours (assuming a small network of around 3 devices constantly communicating). From what I've been told form a variety of sources a 128-bit key can be broken in less than week's time even if the number of systems using the access point is small. Obviously the more traffic that is generated the easier the job of cracking the key will become. Further research indiciated that even the 128 bit WEP key had 40-something leading bits of plain text (which aparantly is required for the algorithm to work). Those 40-something leading bits are the catalyist for the cracking algorithm aparantly. If anyone has more information on the specific duration it takes to break a WEP-key I would be very interested to hear about it. (Don't forget to include the number of hosts that are on the network if you can determine it). Thanks in advance, Steven Frank President, SPARSA (Security Practices and Research Student Association) www.sparsa.org --- "Vizo Bilisim Ltd." <vizo () vizo com> wrote:
Hi all, There seems a general understanding that WEP is not secure enough, because theoretically WEP encyrption can be broken. The question is abot the practical usage; how easy it is for WEP to be broken? Does it suffice to sniff the wireless network for one hour, or do we need to sniff for few days? What happens if the wireless network is periodically stopped let's say every 10 hours for 15 minutes, Regards, Veli I. Cigirgan Vizo Bilisim Sistemleri Ltd. Istanbul Tel:+90(212)210 2657 Fax:+90(212)210 3678
---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course!
----------------------------------------------------------------------------
__________________________________ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Dumb question abt. Wireless WEP security Vizo Bilisim Ltd. (Jan 20)
- Re: Dumb question abt. Wireless WEP security JGrimshaw (Jan 20)
- Re: Dumb question abt. Wireless WEP security Random Task (Jan 21)
- RE: Dumb question abt. Wireless WEP security Michael P. Kassner (Jan 22)
- Re: Dumb question abt. Wireless WEP security Greg Tracy (Jan 22)
- Re: Dumb question abt. Wireless WEP security Random Task (Jan 21)
- Re: Dumb question abt. Wireless WEP security JGrimshaw (Jan 20)
- Re: Dumb question abt. Wireless WEP security Steve Frank (Jan 20)
- RE: Dumb question abt. Wireless WEP security Sarbjit Singh Gill (Jan 21)
- <Possible follow-ups>
- RE: Dumb question abt. Wireless WEP security jburzenski (Jan 20)
- RE: Dumb question abt. Wireless WEP security Rosenhan, David (Jan 20)
- RE: Dumb question abt. Wireless WEP security Giraldo Alonso Suárez (Jan 22)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 22)
- Re: Dumb question abt. Wireless WEP security crtech (Jan 26)
- RE: Dumb question abt. Wireless WEP security Bruyere, Michel (Jan 26)
- RE: Dumb question abt. Wireless WEP security Shawn Jackson (Jan 26)