WEP is really that easy to Crack?
Please note, all the information below is for use in a private lab environment. Purely for pentest purposes!!
Hey there, I saw articles all over the place saying WEP is insecure and crackable in 5 min. But I never did that myself. Since I have a lab to play with now, I want to give it a try to see exactly how weak it is. But I do not think a modem AP with WEP is still easy to manipulate...
Here is my setup and test: I have a Cisco AP configured with 2 SSIDs: Test1 and Test2. Test1 is hidden with WPA2 encryption and RADIUS authentication; Test2 is hidden with WEP encryption and open authentication. I used the latest BT5 on a laptop with an Intel Wireless WiFi 4965 card. I can find the SSID and channel using airodump-ng but failed to use aireplay-ng for fake authentication, which also means I could not manipulate traffic to the AP for actual traffic capture for final analysis to crack the key. Do you think this is because the AP has a special feature OR the SSID Test1 is using WPA2 while sharing the same MAC address with SSID Test2? Comments plz.
When a wireless link secured with WEP transfers a significant amount of data that is known or predictable, it's possible to deduce the (one... unchanging...) key using regular cryptographic techniques which can be automated.
WPA2 and its kin address this issue ... without any change of hardware ... through dynamic key-management: the encryption keys are generated randomly and regular changes of the key are negotiated. So there is a much smaller set of data that is encrypted using any one key, and the previous or next key could be "anything at all." Other protocols including SSLx, VPN and so on use the same approach.
Now, as to why you were unsuccessful with respect to being able to "manipulate traffic to AP for actual traffic capture", I would recommend that you read the forum rules, in particular rule 14.
You could simply just reply as
Oops, wrong forum.
And, to answer the original question, yes, it's that easy. I have done it in my personal access point, but it already had traffic; I didn't generate it.