Monday, September 13, 2010

WEP cracked in under 10 seconds…

In a previous post I discussed taking the Offensive-Security Wireless Attacks course. I went through the first technical section which focuses on using aircrack-ng (and associated tools) to detect and attack wireless networks in a lab. The lab I built for this class consists of an Alfa USB Wifi Card and a Linksys WRT-54G (Linux) that supports WEP, WPA and WPA2 encryption.

Most Information Security professionals with exposure to wireless security understand why WEP is insecure, why not to use it and the risk associated with using it. However, there are people who still believe WEP is sufficient for security of a wireless network.

During one of the exercises cracking WEP keys, I came across something that I could not believe at first. I was able to capture packets for my lab SSID using airodump. Typically you want about 40000 IVs to start cracking WEP, to get a decent chance at successfully cracking it.

On this exercise, though, I thought I would take a shot at 20000 IVs. Well, I should have bought a lottery ticket, because my WEP key was cracked in 8 seconds. Now, this WEP key uses a “64” bit key and is quicker to crack, but the fact that it took me longer to enter the commands to crack the key than it took to actually crack the key shows how insecure WEP is.

I saved the packet capture for demonstration purposes when I hear people discuss WEP security/insecurity. Like they say, a picture is worth 1000 words!
