Re: Cracking WEP and WPA keys

[Joachim Schipper <j.schipper () math uu nl>]

On Tue, Dec 13, 2005 at 10:09:21AM +0000, Robin Wood wrote:
> Hi
> I've just been on a wireless security course where there was a lot of talk
> about WEP keys being poor security and easily crackable. I got home and
> decided to put it to practice and use aircrack against my own WEP key.
>
> After around 4 hours I got bored ...

> All the examples I've seen seem to suggest that cracking should take minutes
> not hours and all keys should be crackable. What experiences do other
> testers have? Have I done something wrong? I abandoned the full attack after
> 5 hours as it was running with the default fudge factor of 2 so would
> probably not have managed to crack the key.
>
> I've also seen a video on the Remote Exploit site showing a WPA key cracked
> in 10 minutes using cowpatty and a dictionary attack. How realistic is this?

I am not very good at this, since I do not own or care for wireless, but

*do* take in mind that you're comparing a complete brute-force with a
dictionary attack. It's not surprising that the dictionary attack is
much faster, even against a better algorithm.

                Joachim

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------