Wireless LAN encryption cracked in 3 mins

 
 
silangdon
      04-01-2005, 09:08 AM

Interesting article at Tom's Hardware

http://www.tomsnetworking.com/Sections-article111.php


"After about three minutes of capturing and cracking, the FBI team
found the correct WEP key, and displayed it on a projected notebook
screen."

I haven't even bothered turning the encryption on on my box.

Presumably this isn't an April fool, unlike the one my colleague
pulled by swapping the n & m keys on my keyboard before I got in this
morning...
 
Peter
      04-01-2005, 09:50 AM

silangdon <(E-Mail Removed)> wrote:

>
>Interesting article at Tom's Hardware
>
>http://www.tomsnetworking.com/Sections-article111.php
>
>
>"After about three minutes of capturing and cracking, the FBI team
>found the correct WEP key, and displayed it on a projected notebook
>screen."
>
>I haven't even bothered turning the encryption on on my box.
>
>Presumably this isn't an April fool, unlike the one my colleague
>pulled by swapping the n & m keys on my keyboard before I got in this
>morning...


OK, so they got the target to generate the required traffic, captured
the traffic and cracked the key.

"Everybody" knows this can be done with WEP. For security one should
use WPA/PSK or some other WPA implementation. Or a VPN running
3DES, AES, etc.

However, there are so many open access points that if a hacker finds
one with WEP on it, he's only got to drive another 50 yards to find an
open one.

 
Paul D.Smith
      04-01-2005, 10:22 AM
[snip]
> >"After about three minutes of capturing and cracking, the FBI team
> >found the correct WEP key, and displayed it on a projected notebook
> >screen."
> >


Also, the FBI require that 128 bit encryption is really only 104 (if I
remember correctly) and the remaining bits are "known" to them. This makes
cracking far simpler for them.

Paul DS.


 
johnydeath
      04-01-2005, 10:26 AM
silangdon wrote:
> Interesting article at Tom's Hardware
>
> http://www.tomsnetworking.com/Sections-article111.php
>
>
> "After about three minutes of capturing and cracking, the FBI team
> found the correct WEP key, and displayed it on a projected notebook
> screen."
>
> I haven't even bothered turning the encryption on on my box.
>
> Presumably this isn't an April fool, unlike the one my colleague
> pulled by swapping the n & m keys on my keyboard before I got in this
> morning...



Yup, it's been known for quite a while now - it's not hi-tech and anyone
can do it with free tools off the internet.

The crack involves a little 'fudge factor' and the normal 'hacker luck',
but by capturing a few IVs, you can then inject and re-inject them to
build up the amount of packets required to attempt a crack.

Try here for a start to more info
http://www.cr0.net:8040/code/network/aircrack/
 
johnydeath
      04-01-2005, 10:27 AM
Peter wrote:

> silangdon <(E-Mail Removed)> wrote:
>
>
>>Interesting article at Tom's Hardware
>>
>>http://www.tomsnetworking.com/Sections-article111.php
>>
>>
>>"After about three minutes of capturing and cracking, the FBI team
>>found the correct WEP key, and displayed it on a projected notebook
>>screen."
>>
>>I haven't even bothered turning the encryption on on my box.
>>
>>Presumably this isn't an April fool, unlike the one my colleague
>>pulled by swapping the n & m keys on my keyboard before I got in this
>>morning...

>
>
> OK, so they got the target to generate the required traffic, captured
> the traffic and cracked the key.
>
> "Everybody" knows this can be done with WEP. For security one should
> use WPA/PSK or some other WPA implementation. Or a VPN running
> 3DES, AES, etc.
>
> However, there are so many open access points that if a hacker finds
> one with WEP on it, he's only got to drive another 50 yards to find an
> open one.
>


The amount of traffic that the target needs to generate is now minimal.

What you have said is true but you have to crack one, just to say you
have done it )
 
The Caretaker
      04-01-2005, 11:05 AM
silangdon wrote:
> Interesting article at Tom's Hardware
>
> http://www.tomsnetworking.com/Sections-article111.php
>
>
> "After about three minutes of capturing and cracking, the FBI team
> found the correct WEP key, and displayed it on a projected notebook
> screen."
>
> I haven't even bothered turning the encryption on on my box.
>
> Presumably this isn't an April fool, unlike the one my colleague
> pulled by swapping the n & m keys on my keyboard before I got in this
> morning...


s'easy and well known.

Search for Aircrack and Network Stumbler .. You don't even need to crack
an AP, just drive along a bit further.

Not, I hasten to add, that I do that sort of thing. much.

--
The Caretaker .........
 
johnydeath
      04-01-2005, 11:58 AM
Paul D.Smith wrote:

> [snip]
>
>>>"After about three minutes of capturing and cracking, the FBI team
>>>found the correct WEP key, and displayed it on a projected notebook
>>>screen."
>>>

>
>
> Also, the FBI require that 128 bit encryption is really only 104 (if I
> remember correctly) and the remaining bits are "known" to them. This makes
> cracking far simpler for them.
>
> Paul DS.
>
>



WEP protocol uses 24 bits as the Initialisation Vector, so 64 bit WEP is
actually 40 bit, and 128 bit is actually 104 bit.

Because this IV is only 24 bits it needs to be retransmitted regularly
and that is where the cracking tool gains its advantage and is able to
sniff the IV.

You can thwart the attacker by changing the key on a regular basis but
WEP is still inherently insecure.

Google is fantastic for searching for detail in both easy and technical
formats.
 
Reply With Quote
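
An added illustration (not part of the thread or any poster's code) of the key layout described in the post above: each frame is encrypted with RC4 keyed by the 24-bit IV prepended to the shared secret, so two frames sent under the same IV share a keystream. The key, IV and payloads are constructed sample values, and the CRC-32 integrity value that real WEP appends is left out.

```python
import math

IV_BITS = 24  # WEP's per-frame IV, carried unencrypted in every frame

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def secret_bits(advertised_bits: int) -> int:
    """Secret key length once the IV is subtracted from the advertised size."""
    return advertised_bits - IV_BITS

def wep_crypt(iv: bytes, secret: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt a frame body with RC4(IV || secret); ICV omitted."""
    if len(iv) * 8 != IV_BITS:
        raise ValueError("WEP IV must be 3 bytes")
    return xor(data, rc4(iv + secret, len(data)))

def frames_until_likely_iv_repeat() -> int:
    """Birthday estimate: random IVs needed for a ~50% chance of a repeat."""
    return math.ceil(math.sqrt(2 * math.log(2) * 2 ** IV_BITS))

# Constructed sample values, for illustration only.
SECRET = bytes.fromhex("0102030405060708090a0b0c0d")   # 104-bit secret
IV = bytes.fromhex("a1b2c3")
P1, P2 = b"frame one payload", b"frame two payload"

def same_iv_leaks_plaintext_xor() -> bool:
    """With a repeated IV, C1 xor C2 equals P1 xor P2: the key cancels out."""
    c1, c2 = wep_crypt(IV, SECRET, P1), wep_crypt(IV, SECRET, P2)
    return xor(c1, c2) == xor(P1, P2)
```

The secret key never enters the final comparison, which is why a longer secret does not help once IVs repeat, and with only 2^24 possible IVs a busy network repeats them after a few thousand frames.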
 
Peter
      04-01-2005, 03:32 PM

johnydeath <(E-Mail Removed)> wrote:

>The amount of traffic that the target needs to generate is now minimal.


I do think it's quite clever to trick the access point into generating
the required traffic.

It's hard to believe that the designers of WEP didn't think of this -
it should have been a pretty obvious security hole.

However I still don't understand why "128" bit WEP can be cracked
easily. 100+ bits is not brute-force crackable in itself.


Peter.
--
Return address is invalid to help stop junk mail.
E-mail replies to (E-Mail Removed) but remove the X and the Y.
 
7
      04-01-2005, 05:17 PM
silangdon wrote:

>
> Interesting article at Tom's Hardware
>
> http://www.tomsnetworking.com/Sections-article111.php
>
>
> "After about three minutes of capturing and cracking, the FBI team
> found the correct WEP key, and displayed it on a projected notebook
> screen."
>
> I haven't even bothered turning the encryption on on my box.
>
> Presumably this isn't an April fool, unlike the one my colleague
> pulled by swapping the n & m keys on my keyboard before I got in this
> morning...



Banking comes with secure https protocol, so no need to worry there.
For files, I put all files on GNU/Linux servers
and then access them through ssh if over wireless.
Lots of free and open source liveCds here (like knoppix, mepis, quantian)
http://www.frozentech.com/content/livecd.php
If windopes is used, I use open source winscp (which uses ssh)
to transfer files.
Browsing and other stuff I don't care.

In all, even if the wireless is 'insecure' the protocols
you run over it can be secured to avoid security problems.

 
Mark McIntyre
      04-01-2005, 10:20 PM
On Fri, 01 Apr 2005 17:17:39 GMT, 7
<(E-Mail Removed)> wrote:

>silangdon wrote:
>
>> "After about three minutes of capturing and cracking, the FBI team
>> found the correct WEP key, and displayed it on a projected notebook
>> screen."
>>

>
>Banking comes with secure https protocol, so no need to worry there.


What does this have to do with anything? It's totally irrelevant to the
security of WEP.

>For files, I put all files on GNU/Linux servers
>and then access them through ssh if over wireless.


Marvellous. And this makes WEP more secure.... how?

>Browsing and other stuff I don't care.


That's nice. So you don't mind hackers breaking into your network,
installing trojans and monitoring your bank account details....

>In all, even if the wireless is 'insecure' the protocols
>you run over it can be secured to avoid security problems.


hardly.

 