Security Basics mailing list archives
Re: Dumb question abt. Wireless WEP security
From: Greg Tracy <greg () sixx com>
Date: Thu, 22 Jan 2004 12:59:30 -0500
KisMac/KisMet documentation, with their built-in cracking software, states that under their tests cracking WEP using a weak scheduling attack averages 2,000,000 packets needed. Wordlist or brute-force attacks take relatively less time, but need a lot more processing power.

G
From: "Michael P. Kassner" <michael () mkassner net>
Date: Wed, 21 Jan 2004 19:48:48 -0600
To: "'Random Task'" <rand0m_t4sk () yahoo com>, <JGrimshaw () ASAP com>, "'Vizo Bilisim Ltd.'" <vizo () vizo com>
Cc: <security-basics () securityfocus com>
Subject: RE: Dumb question abt. Wireless WEP security

Hello,

I hope I am doing this correctly, this is my first post here. I just had to talk about this one. I have cracked WEP and it is not a picnic, but using AirSnort and enough patience you can do it.

To get a few things straight, the person was correct about the IVs as being the key. You have to base the amount of time required to obtain enough weak IVs on the network loading. Let's say that you are looking at a small company's network, that is 40% loaded. It will take about 5-6 hours of capture to get enough to run an analysis and usually crack the key. There are dictionary cracks that if lucky can crack it in no time. But, with a reasonable 128bit minus 40bit key it takes 5-6 hours without any luck. Remember that is a 40% loaded network. Not too many home/SOHO networks are even close to that.

Next, I would like to refer you to this tutorial that talks about 802.1x. It was the interim encryption method, until WPA came out earlier this year. There is nothing really wrong with that process, as the key can be changed every set amount of packets. So, if someone like me cracked the key it would only help with, let's say, 5000 packets. The key change time revolves around network overhead. If you have a RADIUS server in the mix, you can easily change every 10,000 packets. It is just not worth the effort in that case. WPA is just an extension of this using AES. I have not been able to come close to cracking either of these, and the only knowledge I have of it happening was when the key was not changed at a preset interval and the password was a simple 6 character number.

http://www.wi-fiplanet.com/tutorials/article.php/1041171

IMHO, if WEP is set to 128bit and a difficult password, you have the coverage sculpted so the signal stays in the required boundaries and you even enable MAC filtering, you are reasonably safe. Unless you are a very interesting catch, it is just not worth it when there are 100s of wide open networks out there.

Also, I would like to dispel the theory that disabling SSID broadcast is a good idea. It is not; if you have WEP enabled, stopping the broadcast is not going to be a deterrent to anyone that is capable of cracking WEP. It also adds considerable overhead to the network as there will be many more probe requests and response frames. This white paper by a very learned associate will help explain it.

http://www.icsalabs.com/html/communities/WLAN/wp_ssid_hiding.pdf

Regards,
mpkn3rd/k0pbx