Cracking WEP Keys

Programs such as AirSnort, WEPCrack, and dweputils crack WEP keys based on an attack described in a paper titled “Weaknesses in the Key Scheduling Algorithm of RC4” written by Scott Fluhrer, Itsik Mantin, and Adi Shamir. This paper identified certain IVs that leak information about the secret key. In fact, there are large classes of these weak keys. If you can collect enough cipher text that is derived from them, you can determine the secret key with relatively little work. This assumes, however, that the attacker has knowledge of the first few bytes of plain text. Interestingly enough, because of RFC 1042 (SNAP headers), all IP and ARP packets always start with 0xAA. Therefore, the first few bytes of plain text are (almost) ...

Get How Secure Is Your Wireless Network? Safeguarding Your Wi-Fi LAN now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.