Penetration Testing mailing list archives

Re: wireless WEP crack.

From: Joshua Wright <jwright () hasborg com>
Date: Tue, 21 Jun 2005 12:34:32 -0400

KoreK started to implement this attack in chopchop (which is basicallyan inverse adaptive chosen plaintext attack), but I haven't seen areleased version of chopchop that had this attack completed. If you areinterested in implementing this attack, you might consider finishingwhere KoreK started. Chopchop v0.1 is available athttp://www.netstumbler.org/showthread.php?t=12489.

Note that the concept of traditionally weak IV's (b+3:ff:n) has largelybeen deprecated. Tools such as Aircrack and WepLab use a much largergroup of IV's to recover the WEP key, making it impossible to filter allthe new classes of "weak IV" possibilities (as this would significantlyreduce the overall IV space for WEP).


-Josh

Michael Sierchio wrote:

Just out of curiosity, are there tools available to mount
the adaptive chosen plaintext attack against WEP?  This
attack always succeeds, and is not dependent on weak
keys.

--
-Joshua Wright
jwright () hasborg com
http://home.jwu.edu/jwright/

pgpkey: http://home.jwu.edu/jwright/pgpkey.htm
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

Today I stumbled across the world's largest hotspot.  The SSID is "linksys".

Current thread:

wireless WEP crack. Gwanghoon Kim (Jun 20)
- Re: wireless WEP crack. David Rajoo (Jun 20)
- RE: wireless WEP crack. Victor Chapela (Jun 20)
- Re: wireless WEP crack. Michael Sierchio (Jun 21)
  - Re: wireless WEP crack. Joshua Wright (Jun 21)
- <Possible follow-ups>
- RE: wireless WEP crack. rhorak (Jun 20)
  - RE: wireless WEP crack. Ezequiel Sallis (Jun 20)
  - Re: wireless WEP crack. Daniel Reynaud-Plantey (Jun 20)
    - RE: wireless WEP crack. Sbc Global (Jun 21)