Schneier on Security

A blog covering security and security technology.

« Rare Risk and Overreactions | Main | Airline Security Cartoon »

May 18, 2007

Interview with WEP Attack Researchers

They explain how their attack on the 802.11 wireless security protocol works.

Posted on May 18, 2007 at 07:06 AM • 5 Comments • View Blog Reactions

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

I've used their aircrack-ptw tool to crack a WEP key, and it is incredibly fast. Used with packet injection anyone using WEP will be wide open in less than 3 minutes. People, use WPA2!

Posted by: Dan at May 18, 2007 09:21 AM

Interesting. A d00d called Hackar1 did a talk on hacking WEP at shmoocon this year. He also cracked WEP with ease using sniffed packets and FPGAs (specialized circuit boards). He's also hacked WPA and bluetooth.

Posted by: FooDooHackedYou at May 18, 2007 10:14 AM

He goes by H1kari, and his attacks leveraged the ability to precompute hashes, especially against WPA-Personal (pre-shared keys). Aircrack-ptw is unrelated.

Posted by: Paul at May 18, 2007 10:55 PM

Check out Andrea Bittau's fragmentation attack. Once you've sniffed a single packet you can transmit arbitrary data (without knowing the wep key) in 8 byte fragments.

(which also lets you generate lots of crackable traffic very easily, if you want to use more standard attacks to find the key)

Posted by: Robert at May 19, 2007 04:39 AM

Download the backtrack distro on remote-exploit.org

Posted by: err0ryt3 at July 9, 2007 10:35 PM