Cracking Wireless WEP-104 in record time

Posted by Vivek Gite [Last updated: April 4, 2007]

Cracking 104-bit WEP (Wired Equivalent Privacy) is itself old news. However, the new *cracking speed* is mind-blowing.

According to new research, it takes less than one minute to break common 802.11 104-bit WEP encryption:

WEP is a protocol for securing wireless LAN. WEP therefore uses the RC4 stream to encrypt data which is transmitted over the air, using usually a single secret key (called the root key or WEP key) of a length of 40 or 104 bit.

We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.

Currently at home I’m using WPA2 Personal. However, at my workplace we disabled wireless access a year ago (except in the cafeteria area).

A paper (PDF) describing the details and methods we used in our attack is available on the IACR ePrint server. A proof-of-concept of the attack, in a tool called aircrack-ptw (source), is available. It should be used together with the aircrack-ng tool suite.

How do I avoid this kind of problem?

You can switch to WPA2 to avoid this attack :) Make sure support for WPA2 is available through your Linux driver as well as the userspace utility called wpa_supplicant.

You can also use a Linux GUI tool called NetworkManager to configure access to protected wireless networks.
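For the wpa_supplicant route mentioned above, the following Python script is an added example (not from the original post or the wpa_supplicant project) that audits a wpa_supplicant.conf for network blocks that still use static WEP or do not restrict the connection to WPA2 (RSN with CCMP). The sample configuration, SSIDs and keys are constructed, and the function names are hypothetical.

```python
import re
# Constructed sample wpa_supplicant.conf: a static WEP-104 network and a WPA2-only one.
SAMPLE_CONF = '''
network={
    ssid="legacy-ap"
    key_mgmt=NONE
    wep_key0="abcdefghijklm"
}
network={
    ssid="home-wpa2"
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP
    group=CCMP
    psk="constructed example passphrase"
}
'''

def parse_networks(text):
    """Return one {key: value} dict per network={...} block (hypothetical helper)."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\n\s*\}", text, re.S):
        lines = (l.strip() for l in body.splitlines())
        pairs = (l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
        networks.append({k.strip(): v.strip() for k, v in pairs})
    return networks

def audit(net):
    """List the reasons a network block does not enforce WPA2 (RSN with CCMP)."""
    findings = []
    if any(key.startswith("wep_key") for key in net):
        findings.append("static WEP key configured")
    if "NONE" in net.get("key_mgmt", "").split():
        findings.append("key_mgmt=NONE (no WPA key management)")
    if net.get("proto", "").split() not in (["RSN"], ["WPA2"]):  # WPA2 is an alias for RSN
        findings.append("proto is not restricted to RSN (WPA2)")
    for field in ("pairwise", "group"):
        weak = {"WEP40", "WEP104", "TKIP"} & set(net.get(field, "").split())
        if weak:
            findings.append(f"{field} allows {', '.join(sorted(weak))}")
    return findings

def audit_conf(text):
    """Map each SSID to its findings; an empty list means WPA2-only."""
    return {n.get("ssid", "?").strip('"'): audit(n) for n in parse_networks(text)}

if __name__ == "__main__":
    for ssid, findings in audit_conf(SAMPLE_CONF).items():
        print(ssid, "->", findings or "WPA2-only")
```

To check a real system, pass the contents of your own configuration file to `audit_conf` instead of the constructed sample.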


Discussion on This Article:

  1. Eric Says:

    I personally use Kwlan 0.6.2 for KDE and it’s really effective. Supports WPA with wpasupplicant.
    Nice icons in system tray.
    Scans for networks and Manage profiles.
    It’s the only tool that seems to be in active dev.
    Forget KNetworkManager, Kwifimanager, etc….

    (I’m on Linux MINT 2.6.20 with KDE 3.5.7)

  2. virus Says:

    I want to crack a wireless WEP key but whatever I tried… nothing… I tried more than 20 programmes but nothing. Have you got something to suggest to me…

Copyright © 2004-2008 nixCraft. All rights reserved.