Penetration Testing mailing list archives
RE: Cracking WEP and WPA keys
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Tue, 13 Dec 2005 10:58:04 -0500
Cracking WEP depends on a ton of stuff. If you're cracking it looking for weak IVs, you'll need an AP that has weak IVs. Most of the new ones avoid them to one degree or another. What AP are you using? I used a Linksys in my initial testing (a couple years ago) and cracked the key in 4 hours. I also tried to crack a Cisco 350 (replaced by the 1200 series) and never was able to crack the key using that method, even after running for days. Another thing, that "crack in seconds" is based on already having hours or days worth of traffic to use. There are some new tools that generate traffic rather than having to wait for it and some of the new cracking methods are better or worse, depending on your perspective. I think some of these "WEP is worthless" stories are overly sensational. Yes, WEP is broken, ok, possibly even horribly broken but it stops a 'casual connector', it even stops quite a few determined hackers (it stopped you;). If you're the NSA...ok, WEP is worthless....the people attacking you are determined, well financed professionals. If you're my mom, checking her e-mail from home with a wireless laptop, I think WEP is perfectly fine. Installing everything needed for a good PEAP implementation for my mom is absolutely insane. Most people are gonna be someplace in the middle where a little bit of risk evaluation is in order. -----Original Message----- From: Robin Wood [mailto:dninja () gmail com] Sent: Tuesday, December 13, 2005 5:09 AM To: pen-test () securityfocus com Subject: Cracking WEP and WPA keys Hi I've just been on a wireless security course where there was a lot of talk about WEP keys being poor security and easily crackable. I got home and decided to put it to practice and use aircrack against my own WEP key. Using airodump and aireplay I collected 1 million IVs and set aircrack off attacking it. After around 4 hours I got bored of waiting and on another machine tried playing with aircracks debug option where you can pass sections of the key you already know. I found if I passed the whole key except the last digit it could be cracked with a fudge factor of 2, if I removed the last 2 digits then I had to up the fudge factor to 5 and up it to 8 if I removed the last 3 digits. With anything less than the fudge factor mentioned I was told that it couldn't crack the key. All the examples I've seen seem to suggest that cracking should take minutes not hours and all keys should be crackable. What experiences do other testers have? Have I done something wrong? I abandoned the full attack after 5 hours as it was running with the default fudge factor of 2 so would probably not have managed to crack the key. I've also seen a video on the Remote Exploit site showing a WPA key cracked in 10 minutes using cowpatty and a dictionary attack. How realistic is this? Robin ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Cracking WEP and WPA keys, (continued)
- Re: Cracking WEP and WPA keys Dave Bush (Dec 13)
- Re: Cracking WEP and WPA keys Seth Fogie (Dec 13)
- Re: Cracking WEP and WPA keys Erin Carroll (Dec 13)
- Re: Cracking WEP and WPA keys Robin Wood (Dec 14)
- Re: Cracking WEP and WPA keys Robin Wood (Dec 14)
- Re: Cracking WEP and WPA keys Dave Bush (Dec 13)
- Re: Cracking WEP and WPA keys Seth Fogie (Dec 13)
- Re: Cracking WEP and WPA keys Joachim Schipper (Dec 13)
- Re: Cracking WEP and WPA keys Robin Wood (Dec 13)
- Re: Cracking WEP and WPA keys Michael Sierchio (Dec 13)
- Re: Cracking WEP and WPA keys marko ruotsalainen (Dec 14)
- RE: Cracking WEP and WPA keys Shenk, Jerry A (Dec 13)
- Re: Cracking WEP and WPA keys Alvin Oga (Dec 13)
- Re: Cracking WEP and WPA keys Seth Fogie (Dec 13)
- RE: Cracking WEP and WPA keys cerealkilla (Dec 15)
- RE: Cracking WEP and WPA keys Sahir Hidayatullah (Dec 16)
- RE: Cracking WEP and WPA keys Josh Perrymon (Dec 13)
- Re: Cracking WEP and WPA keys pagvac (Dec 14)
- Radio Signal Pent test (RFID) Louie (Dec 14)
- Re: Radio Signal Pent test (RFID) Toufeeq Hussain (Dec 27)
- Re: Cracking WEP and WPA keys David M. Zendzian (Dec 14)
- Re: Cracking WEP and WPA keys Demetrio CarriĆ³n (Dec 16)
- Radio Signal Pent test (RFID) Louie (Dec 14)
(Thread continues...)
- Re: Cracking WEP and WPA keys Dave Bush (Dec 13)