Dan • May 18, 2007 9:21 AM

I've used their aircrack-ptw tool to crack a WEP key, and it is incredibly fast. Used with packet injection, anyone using WEP will be wide open in less than 3 minutes. People, use WPA2!

FooDooHackedYou • May 18, 2007 10:14 AM

Interesting. A d00d called Hackar1 did a talk on hacking WEP at ShmooCon this year. He also cracked WEP with ease using sniffed packets and FPGAs (specialized circuit boards). He's also hacked WPA and Bluetooth.

Paul • May 18, 2007 10:55 PM

He goes by H1kari, and his attacks leveraged the ability to precompute hashes, especially against WPA-Personal (pre-shared keys). Aircrack-ptw is unrelated.

Robert • May 19, 2007 4:39 AM

Check out Andrea Bittau's fragmentation attack. Once you've sniffed a single packet you can transmit arbitrary data (without knowing the WEP key) in 8-byte fragments.

(which also lets you generate lots of crackable traffic very easily, if you want to use more standard attacks to find the key)


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.