Re: Dumb question abt. Wireless WEP security

[Greg Tracy <greg () sixx com>]

KisMac/KisMet documentation, with their built-in cracking software, states
that under their tests cracking WEP using a weak scheduling attack averages
2,000,000 packets needed. Wordlist or brutforce attacks take relatively less
time, but need a lot more processing power.

G

> From: "Michael P. Kassner" <michael () mkassner net>
> Date: Wed, 21 Jan 2004 19:48:48 -0600
> To: "'Random Task'" <rand0m_t4sk () yahoo com>, <JGrimshaw () ASAP com>, "'Vizo
> Bilisim Ltd.'" <vizo () vizo com>
> Cc: <security-basics () securityfocus com>
> Subject: RE: Dumb question abt. Wireless WEP security
>
> Hello,
>
> I hope I am doing this correctly, this is my first post here.  I just had to
> talk about this one.  I have cracked WEP and it is not a picnic, but using
> AirSnort and enough patience you can do it.  To get a few things straight
> the person was correct about the IV's as being the key.  You have to base
> the amount of time required to obtain enough weak IV's on the network
> loading.  Lets say that you are looking at a small company's network, that
> is 40% loaded.  It will take about 5-6 hours of capture to get enough to run
> an analyse  and usually crack the key.  There are dictionary cracks that if
> lucky can crack it in no time.  But, with a reasonable 128bit minus 40bit
> key it takes 5-6 hours without any luck.   Remember that is a 40% loaded
> network.  Not too many home/SOHO networks are even close to that.
>
> Next, I would like to refer you to this tutorial that talks about 802.1x.
> It was the interim encryption method, until WPA came out earlier this year.
> There is nothing really wrong with that process, as the key can be changed
> every set amount of packets.  So, if  someone like me cracked the key it
> would only help with lets say 5000 packets.  The key change time revolves
> around network overhead.  If you have a RADIUS server in the mix, you can
> easily change every 10,000 packets.  It is just not worth the effort in that
> case.  WPA is just an extension of this using AES.  I have not been able to
> come close to cracking either of these, and the only knowledge I have of it
> happeneing was when the key was not changed at a preset interval and the
> password was a simple 6 charachter number.
>
> http://www.wi-fiplanet.com/tutorials/article.php/1041171
>
>
>
> IMHO, if WEP is set to 128bit and a difficult password, you have the
> coverage sculpted so the signal stays in the required boundaries and you
> even enable MAC filtering, you are reasonably safe.  Unless you are a very
> interesting catch, it is just not worth it when there are 100s of wide open
> networks out there.  Also, I would like to dispell the theory that disabling
> SSID broadcast is a good idea.  It is not, if you have WEP enabled, stopping
> the broadcast is not going to be a deterrent to any one that is capable of
> cracking WEP.  It also adds considerable overhead to the network as there
> will be many more probe requests and response frames. This white paper by a
> very learned associate will help explain it.
>
> http://www.icsalabs.com/html/communities/WLAN/wp_ssid_hiding.pdf
>
> Regards,
>
> mpkn3rd/k0pbx
>
>
> ---------------------------------------------------------------------------
> Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
> course! All of our class sizes are guaranteed to be 10 students or less.
> We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention,
> and many other technical hands on courses.
> Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off
> any course!  
> ----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------