Cracking WEP and WPA keys



Hi
I've just been on a wireless security course where there was a lot of talk
about WEP keys being poor security and easily crackable. I got home and
decided to put it to practice and use aircrack against my own WEP key.

Using airodump and aireplay I collected 1 million IVs and set aircrack off
attacking it. After around 4 hours I got bored of waiting and on another
machine tried playing with aircracks debug option where you can pass
sections of the key you already know. I found if I passed the whole key
except the last digit it could be cracked with a fudge factor of 2, if I
removed the last 2 digits then I had to up the fudge factor to 5 and up it
to 8 if I removed the last 3 digits. With anything less than the fudge
factor mentioned I was told that it couldn't crack the key.

All the examples I've seen seem to suggest that cracking should take minutes
not hours and all keys should be crackable. What experiences do other
testers have? Have I done something wrong? I abandoned the full attack after
5 hours as it was running with the default fudge factor of 2 so would
probably not have managed to crack the key.

I've also seen a video on the Remote Exploit site showing a WPA key cracked
in 10 minutes using cowpatty and a dictionary attack. How realistic is this?

Robin

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



Relevant Pages