Dispelling the Myth of Wireless Security
Subject:   The Myth of Easy WEP cracking
Date:   2003-10-21 14:21:47
From:   anonymous2
The author should disclose the age of his test equipment; it makes a big difference. The methods the author used will only work against equipment at least 2 years old.

Since the initial panic about WEP in summer 2001, 802.11 manufacturers made changes to their firmware. Fast WEP cracking comes from capturing enough "weak IV" frames, something that occurs randomly. Manufacturers have apparently altered the algorithm to not use any weak IVs -- this technology is sometimes known as WEP-plus. For example, Orinoco interfaces with firmware older than fall of 2001 can be cracked. Change the Orinoco firmware to an early 2002 version and Airsnort and Kismet never see weak IVs, thus cannot crack the WEP key. Note that either side of a WLAN connection (access points or client interfaces) can send weak IVs if they are using old interfaces.

My impression is that manufacturers have implemented WEP Plus fixes in equipment manufactured since late 2001/early 2002. Typically, old equipment can be upgraded to newer firmware. At a large trade show early this year I fired up Kismet and Airsnort. Hundreds of WLAN interfaces were visible, but I collected maybe 2 weak IV frames. I was manning a booth at this show, and ran the tools all day for 2 days.

Articles like this were important 2 years ago, but really they distort the problem today. Keep up with the firmware updates and you are reasonably secure. I have so many people insisting WEP can be broken in 15 minutes, it drives me nuts.

AND ... Even if you are attacking a 2-year-old WLAN, collecting millions of frames can take many days depending on the traffic load! You can't do a ping flood until you have that WEP key.

Tim F
Network Engineer
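
The "weak IV" class that Tim's post turns on can be checked directly. The block below is an added example, not code from the thread, from Airsnort or Kismet, or from any vendor's WEP-plus firmware: it classifies IVs against the classic Fluhrer-Mantin-Shamir weak class (first byte B+3 for key byte index B, second byte 0xFF; 5 key bytes for 40-bit WEP, 13 for 104-bit), audits a set of observed IVs for members of that class, and shows a WEP-plus style counter that never emits one. The sample IVs are constructed, and the function and constant names (`is_fms_weak_iv`, `audit_ivs`, `wep_plus_next_iv`, `expected_weak_frames`, `SAMPLE_IVS`) are this example's own. Extracting IVs from a real capture (the first three bytes of each WEP-protected frame body) is left to whatever capture tool is already in use.

```python
# Added example (not part of the thread, nor code from Airsnort, Kismet or any
# vendor firmware): an auditor for the FMS "weak IV" class the first post
# describes, plus a WEP-plus style IV counter that never emits such an IV.
#
# Assumption: the weak class checked here is the classic one from the
# Fluhrer-Mantin-Shamir paper, IVs of the form (B+3, 0xFF, x) where B indexes
# a key byte; a 40-bit key has 5 key bytes, a 104-bit key has 13.

from typing import Dict, Iterable, List, Tuple

IV = Tuple[int, int, int]  # the three IV bytes, in transmitted order


def is_fms_weak_iv(iv: IV, key_len_bytes: int = 13) -> bool:
    """True if iv falls in the (B+3, 0xFF, x) class for a key of key_len_bytes bytes."""
    b0, b1, _ = iv
    return b1 == 0xFF and 3 <= b0 < 3 + key_len_bytes


def wep_plus_next_iv(iv: IV, key_len_bytes: int = 13) -> IV:
    """Advance a 24-bit IV counter by one, skipping the weak class entirely.

    This is the avoidance idea the post calls WEP-plus: the sender never puts
    a weak IV on the air, so a sniffer waiting for them never collects one.
    """
    b0, b1, b2 = iv
    n = (((b0 << 16) | (b1 << 8) | b2) + 1) & 0xFFFFFF
    cand = (n >> 16, (n >> 8) & 0xFF, n & 0xFF)
    if is_fms_weak_iv(cand, key_len_bytes):
        # every IV (b0, 0xFF, *) is weak, so jump straight to (b0 + 1, 0, 0)
        cand = ((cand[0] + 1) & 0xFF, 0, 0)
    return cand


def wep_plus_iv_stream(start: IV, count: int, key_len_bytes: int = 13) -> List[IV]:
    """Return the `count` IVs a WEP-plus style sender would emit after `start`."""
    out, iv = [], start
    for _ in range(count):
        iv = wep_plus_next_iv(iv, key_len_bytes)
        out.append(iv)
    return out


def audit_ivs(ivs: Iterable[IV], key_len_bytes: int = 13) -> Dict[str, object]:
    """Count how many observed IVs are in the weak class (what Airsnort waits for).

    Run this over IVs captured from your own access point and clients: a
    non-zero count means some station still lacks weak-IV avoidance and is
    a candidate for the firmware update the post recommends.
    """
    total = 0
    weak: List[IV] = []
    for iv in ivs:
        total += 1
        if is_fms_weak_iv(iv, key_len_bytes):
            weak.append(iv)
    return {"total": total, "weak": len(weak), "weak_ivs": weak}


def expected_weak_frames(frames: int, key_len_bytes: int = 13) -> float:
    """Expected number of weak IVs among `frames` frames with uniformly random IVs.

    Only key_len_bytes * 256 of the 2**24 IVs are weak, which is why, as the
    post says, harvesting enough of them from a quiet network takes so long.
    """
    return frames * (key_len_bytes * 256) / (1 << 24)


# Constructed sample: five IVs as they might be pulled from a capture (not real data).
SAMPLE_IVS: List[IV] = [
    (0x12, 0x34, 0x56),  # ordinary IV
    (0x03, 0xFF, 0x01),  # weak for both 40- and 104-bit keys (B = 0)
    (0x0A, 0xFF, 0x80),  # weak only for a 104-bit key (B = 7)
    (0x10, 0xFF, 0x00),  # first byte 16: just outside the 104-bit class
    (0x05, 0xFE, 0xFF),  # second byte is not 0xFF
]

if __name__ == "__main__":
    report = audit_ivs(SAMPLE_IVS)
    print(f"{report['weak']} of {report['total']} sampled IVs are weak: {report['weak_ivs']}")
    print(f"expected weak IVs in 1,000,000 random-IV frames: {expected_weak_frames(1_000_000):.1f}")
    stream = wep_plus_iv_stream((0x02, 0xF0, 0x00), 200_000)
    print(f"weak IVs emitted by the WEP-plus counter: {audit_ivs(stream)['weak']}")
```

The counter jumps over a whole (b0, 0xFF, *) block rather than stepping through it one IV at a time, so the cost of avoidance is 256 IVs lost per key byte out of 16.7 million; the audit is the check to run against your own gear, since the post notes that either the access point or a client with old firmware is enough to put weak IVs on the air.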

  • The Myth of Easy WEP cracking
    2003-11-23 19:35:05  anonymous2

    Thanks Tim, I think you hit the nail on the head. The book is really very good but this hack had me scratching my head. What is scary is how few people even use WEP at all!
    • The Myth of Easy WEP cracking
      2005-02-06 12:31:12  BashT

      I totally agree with you Tim. This was the topic for my research paper and I have about the same lab set-up, but I was using Knoppix STD. I had Airsnort run for one week and it did not log any weak IV keys. I emailed the developers of Airsnort asking them what's wrong and they told me the same information that you wrote: that old 802.11b hardware with old firmware is the only kind vulnerable to this attack, so in other words if you are using 802.11g or n, or you updated the latest firmware on your 802.11b hardware, then you don't have to worry about the WEP key being hacked for now.
    • The Myth of Easy WEP cracking
      2005-02-03 20:10:14  IDunno

      Tim F's statements are not true. WEP is easily cracked! If you have enough packets you can crack it in seconds! With 500,000 packets a 64-bit key is shown immediately. It is not a lot; you can insert traffic with a replay attack. Look for airsnort.
      I don't know who Tim F is, but he doesn't know about the subject.
      • The Myth of Easy WEP cracking
        2007-07-28 09:02:19  DeeH

        Depending on whose network you're cracking it may take longer to gather the packets, but with a tool like aireplay you can generate the traffic you need, so yeah, opening aireplay and typing a few parameters in takes an extra 20-30 secs, but it's still a 5-minute hack altogether. WEP is easy if you know what to do...