generating WEP keys

Matthew Carpenter matt
Mon May 17 11:41:56 PDT 2004


Actually, there's a bit more to it than that...

There are several weaknesses in WEP.  One example:
If several bytes of any frame are a particular value, that frame and others like it expose a part of the key.  I had the math down at one point but couldn't tell you the exact bytes and values, but it wasn't hard.

This was an implementational issue which was largely circumvented in many firmwares (since the WiFi hardware is responsible for actually doing the en/decryption).  I have spent months attempting to crack WEP on Cisco hardware without success.  Only after I was really frustrated did I hear that Cisco actually patched their WEP implementation to avoid many of the vulnerabilities.  Still, if it is of interest to you, you should check out AirSnort (airsnort.shmoo.com) and Kismet (kismetwireless.net).
I'm still pretty interested in it but haven't the time right now.  If you are interested, I have RPMs for AirSnort, Kismet, and patched drivers/libraries available for COLW 3.1.1.




begin  Keith Morse <kgmorse at mpcu.com>
(Thu, 19 Dec 2002 15:16:57 -0800 (PST))

> 
> 
> Nope, no magic.  And that's one of the problems with WEP and being classed 
> as somewhat insecure by knowitalls and pundits.  With right tools, freely 
> available, you can determine what the WEP key is.  This is a project I 
> need to do to see how hard/easy that process is.
> 
> 
> Just 13 characters.  

-- 
Matthew Carpenter
matt at eisgr.com                          http://www.eisgr.com/

Enterprise Information Systems
*Network Consulting, Integration & Support
*Web Development and E-Business
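
Added example, not part of the original post and not any vendor's firmware code: a sketch of the weak-IV avoidance the message attributes to patched firmware, plus a helper to audit captured IVs for the same class. The byte pattern (B+3, 0xFF, X) is the weak-IV class from the published Fluhrer-Mantin-Shamir analysis, not something stated in the post; the function names, the big-endian IV counter and the sample IVs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Key lengths in bytes: WEP-104 is the "13 characters" case, WEP-40 is 5. */
#define WEP104_KEY_LEN 13
#define WEP40_KEY_LEN 5

/* 1 if iv is in the original FMS weak class (B+3, 0xFF, X) for some
 * secret-key byte index B in [0, key_len); iv[0] is the first IV byte sent. */
int is_fms_weak_iv(const uint8_t iv[3], int key_len)
{
    return iv[1] == 0xFF && iv[0] >= 3 && iv[0] < 3 + key_len;
}

/* Step a 24-bit IV counter to the next value outside the weak class.
 * Assumption: the counter is big-endian across iv[0..2]. */
void next_safe_iv(uint8_t iv[3], int key_len)
{
    do {
        uint32_t v = ((uint32_t)iv[0] << 16) | ((uint32_t)iv[1] << 8) | iv[2];
        v = (v + 1) & 0xFFFFFFu;
        iv[0] = (uint8_t)(v >> 16);
        iv[1] = (uint8_t)(v >> 8);
        iv[2] = (uint8_t)v;
    } while (is_fms_weak_iv(iv, key_len));
}

/* Audit helper: how many IVs in a capture fall in the weak class. */
size_t count_weak_in_capture(const uint8_t (*ivs)[3], size_t n, int key_len)
{
    size_t weak = 0;
    for (size_t i = 0; i < n; i++)
        weak += (size_t)is_fms_weak_iv(ivs[i], key_len);
    return weak;
}

/* Constructed sample IVs (not from a real capture). */
static const uint8_t SAMPLE_IVS[][3] = {
    {0x00, 0x01, 0x02},  /* ordinary */
    {0x03, 0xFF, 0x10},  /* weak: B = 0 */
    {0x0F, 0xFF, 0xA5},  /* weak for 13-byte keys (B = 12), not for 5-byte */
    {0x10, 0xFF, 0x00},  /* first byte is past 3 + 13 - 1, not weak */
    {0x07, 0xFE, 0xFF},  /* second byte is not 0xFF, not weak */
};
#define SAMPLE_COUNT (sizeof SAMPLE_IVS / sizeof SAMPLE_IVS[0])
```

Skipping this class only covers the original weak-IV weakness; later statistical attacks on WEP do not depend on these IVs, so a non-zero audit count is a sign of unpatched firmware rather than a zero count being a sign of safety.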

