Bruce Schneier

 
 

Schneier on Security

A blog covering security and security technology.

« Rare Risk and Overreactions | Main | Airline Security Cartoon »

May 18, 2007

Interview with WEP Attack Researchers

They explain how their attack on the 802.11 wireless security protocol works.

Posted on May 18, 2007 at 07:06 AM5 CommentsView Blog Reactions

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

I've used their aircrack-ptw tool to crack a WEP key, and it is incredibly fast. Used with packet injection anyone using WEP will be wide open in less than 3 minutes. People, use WPA2!

Posted by: Dan at May 18, 2007 09:21 AM


Interesting. A d00d called Hackar1 did a talk on hacking WEP at shmoocon this year. He also cracked WEP with ease using sniffed packets and FPGAs (specialized circuit boards). He's also hacked WPA and bluetooth.

Posted by: FooDooHackedYou at May 18, 2007 10:14 AM


He goes by H1kari, and his attacks leveraged the ability to precompute hashes, especially against WPA-Personal (pre-shared keys). Aircrack-ptw is unrelated.

Posted by: Paul at May 18, 2007 10:55 PM


Check out Andrea Bittau's fragmentation attack. Once you've sniffed a single packet you can transmit arbitrary data (without knowing the wep key) in 8 byte fragments.

(which also lets you generate lots of crackable traffic very easily, if you want to use more standard attacks to find the key)

Posted by: Robert at May 19, 2007 04:39 AM


Download the backtrack distro on remote-exploit.org

Posted by: err0ryt3 at July 9, 2007 10:35 PM


Post a comment



Real names aren't required, but please give us something to call you. Conversations among several people called "Anonymous" get too confusing.



E-mail is optional and will not be displayed on the site.


Remember Me?


Powered by Movable Type 3.2. Photo at top by Steve Woit.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT Counterpane.

 
Bruce Schneier