I heard about a new WEP cracking technique. Can you explain it?
WEP has been generally recognized as broken since 2001, when Fluhrer, Mantin, and Shamir (commonly known as FMS) published their paper "Weaknesses in the Key Scheduling Algorithm of RC4." However, WEP continues to be in widespread use despite the common knowledge that it is severely inadequate and presents at most a minor nuisance to an attacker. There are myriad possible reasons for this: many embedded devices were produced when WEP was the de facto standard for securing WLANs, and it can take a while for them to be upgraded or replaced. It can also take a while for what anyone involved in security day-to-day knows to trickle out to the rest of the world, so many people setting up wireless networks in SOHO environments may think WEP is still the way to go. Whatever the reason, WEP is unfortunately still being used.
Initial tools based on the FMS technique required on the order of 5 to 10 million frames to be captured, in order to gather enough frames encrypted with "weak" IVs that could be correlated with bytes of the RC4 key used to encrypt the contents of the frame. Among the tools that implemented this technique was the original version of AirSnort. However, the attack was viewed as impractical, since it could take quite a while (at the time) to collect enough traffic. Still, a stop-gap solution was developed: using WEP with 802.1X to cycle WEP keys automatically, so that no single WEP key would be in use long enough for an attacker to crack it.
However, new tools were then developed that expanded the set of IVs usable for determining the key, along with techniques for generating traffic (ARP re-injection). Even with these advances, which cut the requirement to 1 million frames or fewer, it still took a significant amount of time to collect the necessary traffic.
Recently, new advances in WEP cracking have been made by Pychkine, Weinmann, and Tews of the Technical University of Darmstadt. In short, the researchers developed a method for recovering the key with as few as 40,000 frames, which can be gathered in roughly one minute using ARP re-injection. The probability that the correct WEP key will be recovered with so few frames is only 50%, but it increases significantly with a small increase in the number of gathered frames: with 85,000 frames, it is possible to recover the key 95% of the time.
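From the defender's side, the ARP re-injection step the column describes has a distinctive signature on the air: a single station repeating one fixed-size encrypted frame, with one IV, at a rate no normal client produces. The following is an added example (not code from the column) that runs a simple sliding-window detector over constructed frame metadata; the 68-byte frame size, the 50-frames-per-second threshold, and the sample records are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed sample frame metadata: (time_s, src_mac, frame_len, iv).
# One station sends a trickle of mixed-size frames with fresh IVs (normal).
# The other emits 60 copies of one 68-byte frame carrying one IV in under
# half a second, which is what an ARP replay burst looks like on the air.
NORMAL = [(t * 0.2, "aa:aa:aa:aa:aa:01", 120 + (t % 7) * 40, 0x100000 + t)
          for t in range(40)]
REPLAY = [(3.0 + i * 0.008, "bb:bb:bb:bb:bb:02", 68, 0x0ABCDE)
          for i in range(60)]
SAMPLE_FRAMES = sorted(NORMAL + REPLAY)


def detect_arp_replay(frames, window=1.0, threshold=50):
    """Return alerts for any source that sends >= threshold frames of one
    length within `window` seconds, and separately for any single IV that
    repeats that often. Both thresholds are assumed values for the example;
    tune them to the traffic profile of the network being monitored."""
    by_len = defaultdict(deque)   # (src, frame_len) -> timestamps in window
    by_iv = defaultdict(deque)    # (src, iv)        -> timestamps in window
    alerts, fired = [], set()
    for t, src, length, iv in sorted(frames):
        for key, table, reason in (((src, length), by_len, "same-size burst"),
                                   ((src, iv), by_iv, "repeated IV")):
            q = table[key]
            q.append(t)
            while q and t - q[0] > window:      # drop timestamps outside window
                q.popleft()
            if len(q) >= threshold and (key, reason) not in fired:
                fired.add((key, reason))        # alert once per key/reason
                alerts.append({"src": src, "reason": reason, "count": len(q),
                               "at": round(t, 3), "detail": key[1]})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_replay(SAMPLE_FRAMES):
        print(alert)
```

A real deployment would feed the same function from a monitor-mode capture and pair the burst alert with an IV-exhaustion counter per BSSID, since a 24-bit IV space is the other quantity the attack consumes.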
Comments (4)
It can be done!
By sstucke on August 29, 2007, 10:34 am
I wrote a howto for cracking WEP with Sony VAIO notebooks (or whoever uses an Intel 3945abg wireless card). Click here for the howto: http://en.tuxero.com/2007/08/howto-crack-wep-sony-vaio.html Also...
Alternative to WEP
By Anonymous on July 25, 2007, 5:00 pm
What is your recommendation for a secured WLAN if you shouldn't still be using WEP?
Linksys Wi-Fi USB adapter doesn't work with WPA
By Anonymous on July 23, 2007, 10:06 am
Despite advertised compatibility with WPA, Linksys's WUSB54G doesn't work unless the encryption is WEP.
RE: You know you shouldn't still be using WEP - Here's another reason
By Alf Sutherland on July 17, 2007, 3:17 pm
http://www.airdefense.net/products/features/wep.php Protect WEP from being cracked: AirDefense WEP Cloaking is the first and only patented technology to protect...