Re: Cracking WEP and WPA keys

From: Joachim Schipper (j.schipper@math.uu.nl)
Date: Tue Dec 13 2005 - 11:38:07 EST


On Tue, Dec 13, 2005 at 10:09:21AM +0000, Robin Wood wrote:
> Hi
> I've just been on a wireless security course where there was a lot of talk
> about WEP keys being poor security and easily crackable. I got home and
> decided to put it to practice and use aircrack against my own WEP key.
>
> After around 4 hours I got bored ...

> All the examples I've seen seem to suggest that cracking should take minutes
> not hours and all keys should be crackable. What experiences do other
> testers have? Have I done something wrong? I abandoned the full attack after
> 5 hours as it was running with the default fudge factor of 2 so would
> probably not have managed to crack the key.
>
> I've also seen a video on the Remote Exploit site showing a WPA key cracked
> in 10 minutes using cowpatty and a dictionary attack. How realistic is this?

I am not very good at this, since I do not own or care for wireless, but

*do* take in mind that you're comparing a complete brute-force with a
dictionary attack. It's not surprising that the dictionary attack is
much faster, even against a better algorithm.

                Joachim

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:15 EDT