Re: What's the current status on WEP cracking?

From: Mack (macckone_at_a_nospamjunk123_ol.com)
Date: 04/18/05


Date: Mon, 18 Apr 2005 12:48:57 GMT

On Fri, 15 Apr 2005 03:46:49 +0300, Markus Jansson
<seemyhomepage@katsokotisivuilta.ni> wrote:

>Here are a couple of links to pretty new studies regarding WEP cracking.
>http://www.tomsnetworking.com/Sections-article111.php
>http://securityfocus.com/infocus/1814
>
>But what is really the status in the worst case? There seems to be
>pretty much fuzz around this issue, and several studies that seem to
>give out different kinds of results. Some claim that all WEP can be
>cracked open without the target being able to do anything about it
>(except changing keys like every two seconds) in a few minutes to a
>few hours' time. Some claim that WEP is/can be secured so that it is
>practically impossible to crack.

Changing SSID and disabling SSID broadcast are useless as protection,
and can be a pain. MAC filtering also doesn't work. SSID and MAC
addresses can be found from traffic on the network. MAC addresses can
be changed to match a 'good' address.

WPA (TKIP) is more secure but the current implementations don't always
work well together. WPA2 (AES) still isn't widely available.

>
>1) How fast (and depending how much on what) can WEP be cracked with
>off-the-net tools?

See specific tools for claims of what can be achieved.

The current tools require a couple hundred thousand to a million
packets with unique IVs. On a busy 54Mbit network this could take
only a couple of minutes.

>
>2) How fast (and depending how much on what) can WEP be cracked with
>theoretical (yet possible) software/hardware that is not (yet) available
>for public download?

Theoretically speaking it can be cracked almost instantaneously given
sufficient computing power. Practically, the cracking part is already
instantaneous, but the tools require a certain number of packets.
By injecting packets to the network a tool can be more successful.

Leslie 'Mack' McBride
remove text between _ marks to respond via e-mail


