Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Please note, all the information below is for use in a private LAB environment. Purely for pentest purposes!!
Hey there,
I saw articles all over the place saying WEP is insecure and crackable in 5 min. But I never did that by myself. Since I have a lab to play with now, I want to give it a try to see exactly how weak it is. But I do not think a modern AP with WEP is still easy to manipulate... Here is my setup and test:
I have a Cisco AP configured with 2 SSIDs: Test1 and Test2. Test1 is hidden with WPA2 encryption and Radius Authentication; Test2 is hidden with WEP encryption and open authentication.
I used the latest BT5 on a laptop with an Intel Wireless WIFI 4965 card. I can find the SSID and channel using airodump-ng but failed to use aireplay-ng for fake-authentication, which also means I could not manipulate traffic to the AP for actual traffic capture for the final analysis to crack the key.
Do you think this is because the AP has a special feature OR because the SSID Test1 is using WPA2 while sharing the same MAC ADDRESS with SSID Test2?
Comments plz.
Last edited by chinese_ys; 07-31-2012 at 10:12 AM.
When a wireless link secured with WEP transfers a significant amount of data that is known or predictable, it's possible to deduce the (one... unchanging...) key using regular cryptographic techniques which can be automated.
WPA2 and its kin address this issue ... without any change of hardware ... through dynamic key-management: the encryption keys are generated randomly and regular changes of the key are negotiated. So there is a much smaller set of data that is encrypted using any one key, and the previous or next key could be "anything at all." Other protocols including SSLx, VPN and so-on use the same approach.
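The post above explains the mechanism in words: WEP encrypts every frame with the same static key, varied only by a small per-frame value, so keystream gets reused and a large body of predictable traffic lets the key be recovered, whereas WPA2 negotiates fresh keys per session. The following added example (not from this thread or from any of the tools mentioned in it) models that point with a toy RC4/WEP construction on constructed sample data: two frames encrypted under the same static key and the same 24-bit IV share their keystream, a pair of frames under independently generated session keys does not, and the birthday bound shows how few frames it takes before a 24-bit IV repeats. The helper names, sample keys and messages are all invented for the demonstration.

```python
"""
Added example, not code from the LQ thread: a toy model of why an unchanging
WEP key is weak. WEP keys RC4 with (24-bit IV || static key), so the IV is the
only per-frame variation. Same IV + same static key = same keystream, and a
24-bit IV space collides after only a few thousand frames. All sample keys and
frame contents below are constructed; nothing here touches a real network.
"""
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 possible IVs


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA), the stream cipher WEP is built on."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(key: bytes, iv: int, plaintext: bytes) -> bytes:
    """WEP-style per-frame key: 3-byte IV prepended to the (static) key."""
    per_frame_key = iv.to_bytes(3, "big") + key
    ks = rc4_keystream(per_frame_key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def keystream_reused(key1: bytes, key2: bytes, iv: int, p1: bytes, p2: bytes) -> bool:
    """True when two frames sent under key1/key2 with the same IV share keystream,
    i.e. c1 XOR c2 == p1 XOR p2 for every byte. Under WEP key1 == key2 always,
    so a repeated IV always gives True; with per-session keys it does not."""
    c1 = wep_encrypt(key1, iv, p1)
    c2 = wep_encrypt(key2, iv, p2)
    n = min(len(p1), len(p2))
    return all((c1[i] ^ c2[i]) == (p1[i] ^ p2[i]) for i in range(n))


def iv_collision_probability(frames: int) -> float:
    """Birthday bound: probability that at least one IV repeats among `frames`
    frames whose IVs are chosen uniformly from the 24-bit space."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * IV_SPACE))


def frames_for_collision_probability(p: float) -> int:
    """Smallest frame count at which the repeat probability reaches p."""
    return math.ceil(0.5 + math.sqrt(0.25 - 2.0 * IV_SPACE * math.log(1.0 - p)))


if __name__ == "__main__":
    # Constructed sample data: one static WEP key, two independent session keys.
    static_key = bytes.fromhex("0102030405")          # 40-bit WEP-style key
    session_a = bytes.fromhex("a1b2c3d4e5f60718293a")  # per-session key, station A
    session_b = bytes.fromhex("0f1e2d3c4b5a69788796")  # per-session key, station B
    frame1 = b"GET /index.html "
    frame2 = b"HELLO WORLD!!!!!"
    iv = 0x00ABCD

    print("static key, repeated IV -> keystream reused:",
          keystream_reused(static_key, static_key, iv, frame1, frame2))
    print("two session keys, same IV -> keystream reused:",
          keystream_reused(session_a, session_b, iv, frame1, frame2))
    print("frames for 50% chance of an IV repeat:",
          frames_for_collision_probability(0.5))
    print("P(repeat) after 1000 frames: %.3f" % iv_collision_probability(1000))
```

Run it as a script to see the contrast: with the static key the XOR of two ciphertexts equals the XOR of their plaintexts whenever the IV repeats, so any predictable plaintext in one frame leaks keystream for the other, and the birthday bound puts a 50% chance of such a repeat at only a few thousand frames. With independently generated session keys (the WPA2-style approach the post describes) the same IV produces unrelated keystreams, which is why rekeying removes the problem without new hardware.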
Sorry, but what are you trying to tell me? The difference between WEP and WPA2? If so, that was not my question...
Quote:
difference between WEP and WPA2? If so, that was not my question.
....
used the latest BT5 on a laptop with an Intel Wireless WIFI 4965 card. I can find the SSID and channel using airodump-ng but failed to use aireplay-ng for fake-authentication, which also means I could not manipulate traffic to the AP for actual traffic capture for the final analysis to crack the key.
Do you think this is because the AP has a special feature OR because the SSID Test1 is using WPA2 while sharing the same MAC ADDRESS with SSID Test2?
It sounds like you are asking why you were not able to inject sufficient packets into the access point to cause artificial traffic that you could thereby use to deduce the WEP key. As sundialsvcs pointed out, WEP cracking takes place through a statistical analysis of a sufficiently large data set, and WPA2 does not have this weakness. For whatever reason you were not able to induce the traffic needed to crack the password. There are several reasons why this could be, including insufficient signal strength and hardware or a driver that doesn't support this activity.
Now as to why you were unsuccessful with respect to being able to "manipulate traffic to AP for actual traffic capture" I would recommend that you read the forum rules, in particular rule 14.
Quote:
Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.
While I can't speak for the forum administration I think that discussing the theoretical and practical differences between WEP and WPA and why WPA is significantly more secure than WEP and using your own test set is fine. Asking for help in troubleshooting why your cracking technique failed using a particular tool, which will effectively give a "how to" engage in this practice would be better left alone.
Quote:
There are several reasons why this could be, including insufficient signal strength and hardware or a driver that doesn't support this activity.
Quote:
Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.
Thanks for taking the time to find the specific section of the forum rules. I stated at the very top that this is for pentesting in a lab environment... I presented 2 possibilities in the original post that might cause the issue and I am trying to collect opinions. If I want to use this post for troubleshooting, should I simply ask how to get it to work?
Yes, we know what you said...however, there is no way for us to KNOW that you aren't trying to do something else with the information. That's what makes requests like this a touchy subject, and why there are forum rules against it. Those rules should have been visible to you when you signed up.
And, to answer the original question, yes, it's that easy. I have done it on my personal access point, but it already had traffic; I didn't generate it.