Schneier on Security
A blog covering security and security technology.
May 18, 2007
Interview with WEP Attack Researchers
They explain how their attack on the 802.11 wireless security protocol works.
Posted on May 18, 2007 at 7:06 AM
I've used their aircrack-ptw tool to crack a WEP key, and it is incredibly fast. Used with packet injection, anyone using WEP will be wide open in less than 3 minutes. People, use WPA2!
Interesting. A d00d called Hackar1 did a talk on hacking WEP at ShmooCon this year. He also cracked WEP with ease using sniffed packets and FPGAs (specialized circuit boards). He's also hacked WPA and Bluetooth.
He goes by H1kari, and his attacks leveraged the ability to precompute hashes, especially against WPA-Personal (pre-shared keys). Aircrack-ptw is unrelated.
Check out Andrea Bittau's fragmentation attack. Once you've sniffed a single packet, you can transmit arbitrary data (without knowing the WEP key) in 8-byte fragments.
(which also lets you generate lots of crackable traffic very easily, if you want to use more standard attacks to find the key)
Download the BackTrack distro on remote-exploit.org.