Re: Wireless wep crackin on windows

From: Andrew A. Vladimirov (
Date: 05/21/04

  • Next message: Andrew A. Vladimirov: "Re: Wireless wep crackin on windows"
    Date: Fri, 21 May 2004 15:49:51 +0100
    To: Aaron Drew <>,

    Aaron Drew wrote:
    > Airsnort on windows is limited. You need a card that can be put into monitor
    > mode under windows to capture the WEP packets.

    Snax has sorted it out by using a demo version driver coming from
    AiroPeek. I wonder what AiroPeek guys think about it...

    Linux drivers make this much easier.

    And allow to do many other things with injecting custom frames,
    encrypted traffic etc. Windows drivers are eons away from that, even
    though you can deauth undesirable hosts using AirMagnet running on
    Windows CE.

    > As for other tools, the package wep-tools contains a utility for brute
    > forcing ASCII based WEP keys.

    Mentioned it in my previous post, nice to see I am not alone :)
    > These keys are generated using a simple algorithm that is unfortunately
    > flawed. It essentially reduces the keylength of WEP from 64/128 down to
    > around 21 bits in length. Given just a couple of encrypted data packets, an
    > offline exhaustive brute-force attack can be done in about 10-15 seconds on
    > such keys.

    That flaw applies only to 40-bit keys and was fixed ages ago. In fact,
    some vendors did not have that flaw at all, e.g. 3Com. What would be
    more interesting is porting WEPAttack to Windows, but I don't know what
    would be the equivalents of ZLib and libCrypto for it. Don't know much
    about Windows anyway, no source - no fun.


    Dr. Andrew A. Vladimirov
    CISSP #34081, CWNA, CCNP/CCDP, TIA Linux+
    Arhont Ltd - Information Security.

    Tel: +44 (0)870 44 31337
    Fax: +44 (0)117 969 0141
    GPG: Key ID - 0x1D312310
    GPG: Server -

  • Next message: Andrew A. Vladimirov: "Re: Wireless wep crackin on windows"