Cracking WEP in less than 60 seconds

How to crack WEP in less than 60 seconds.
<http://eprint.iacr.org/2007/120.pdf>
Actually, it typically takes about 3-10 seconds to recover the WEP
key.
<http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/>
I built it and ran it under Umbutu 6.10 using capture files from
airdump-ng. Works fairly well on the neighborhood assortment of older
PBI/SBC/at&t supplied 2Wire wireless routers that default to WEP
encryption even though they are capeable of doing WPA and WPA2.
However, it failed on an access point with custom tweaked firmware
designed to discourage ARP injection, re-injetion, and flooding as
airdump-ng could not get the required number of ARP replies in a
reasonable amount of time.

Moral: WEP really sucks. Use WPA or WPA2 instead.

--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:

<snip>

> <http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/>

<snip>

> However, it failed on an access point with custom tweaked firmware
> designed to discourage ARP injection, re-injetion, and flooding as
> airdump-ng could not get the required number of ARP replies in a
> reasonable amount of time.

According to the tu-darmstadt site their software can't crack 256bit WEP
either.

BTW it's a statistical test: using less than 40.000 frames in 50 pct of
all cases.

A 50 pct crtitical region (or 50 pct significance level) is quite large
(small) in statistical tests. Levels are usually set to 90 - 95 pct (10
- 5 pct). Using those values will (probably) result in the usual time
taken to crack WEP.

Jeff Liebermann trolled:

> How to crack WEP in less than 60 seconds.
> <http://eprint.iacr.org/2007/120.pdf>
> Actually, it typically takes about 3-10 seconds to recover the WEP
> key.
> <http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/>
> I built it and ran it under Umbutu 6.10 using capture files from
> airdump-ng. Works fairly well on the neighborhood assortment of older
> PBI/SBC/at&t supplied 2Wire wireless routers that default to WEP
> encryption even though they are capeable of doing WPA and WPA2.
> However, it failed on an access point with custom tweaked firmware
> designed to discourage ARP injection, re-injetion, and flooding as
> airdump-ng could not get the required number of ARP replies in a
> reasonable amount of time.
>
> Moral: WEP really sucks. Use WPA or WPA2 instead.
>

256 or 512 bits WEP?
So try to crack mine. Ho ho ho!

F8BOE <f8boe@bluemail.ch> hath wroth:

>Jeff Liebermann trolled:
>
>> How to crack WEP in less than 60 seconds.
>> <http://eprint.iacr.org/2007/120.pdf>
>> Actually, it typically takes about 3-10 seconds to recover the WEP
>> key.
>> <http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/>
>> I built it and ran it under Umbutu 6.10 using capture files from
>> airdump-ng. Works fairly well on the neighborhood assortment of older
>> PBI/SBC/at&t supplied 2Wire wireless routers that default to WEP
>> encryption even though they are capeable of doing WPA and WPA2.
>> However, it failed on an access point with custom tweaked firmware
>> designed to discourage ARP injection, re-injetion, and flooding as
>> airdump-ng could not get the required number of ARP replies in a
>> reasonable amount of time.
>>
>> Moral: WEP really sucks. Use WPA or WPA2 instead.

>256 or 512 bits WEP?
>So try to crack mine. Ho ho ho!

<http://en.wikipedia.org/wiki/Wired_Equivalent_Privacy>
"Key size is not the only major security limitation in WEP. Cracking a
longer key requires interception of more packets, but there are active
attacks that stimulate the necessary traffic. There are other
weaknesses in WEP, including the possibility of IV collisions and
altered packets, that are not helped at all by a longer key. See
stream cipher attack."


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Mon, 16 Apr 2007 18:58:18 +0200, F8BOE <f8boe@bluemail.ch> wrote in
<4623ab29$0$6092$426a74cc@news.free.fr>:

>Jeff Liebermann trolled:

>> Moral: WEP really sucks. Use WPA or WPA2 instead.
>
>256 or 512 bits WEP?
>So try to crack mine. Ho ho ho!

Misplaced confidence is a fast track to insecurity.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

"John Navas" <spamfilter1@navasgroup.com> wrote in message
news:l6i823hdtr5kp34pjqgvsjbj8o3akeo8g2@4ax.com...
> On Mon, 16 Apr 2007 18:58:18 +0200, F8BOE <f8boe@bluemail.ch> wrote
> in
> <4623ab29$0$6092$426a74cc@news.free.fr>:
>
> Misplaced confidence is a fast track to insecurity.
>


Are you sure about that John ?

;-)

Eric

--
Remove the dross to contact me directly