NetStumbler.org Forums - View Single Post

01-05-2002

Those examples of cracking WEP keys were all 'lab tests'. I'm not suggesting that you udp flood the network to crack the WEP key....actually, I don't think you could do that until you had the WEP key. That was basically an example of what you're already finding out....cracking WEP isn't half as easy as what you'd think reading some of these articles stating that WEP is basically a joke. Maybe it's a joke for some people but I don't know any of them.

Secure enough for the FBI - probably not...at least hopefully not! Secure enough to run my home network on - probably. Then go and run a closed network, limit access to MAC addresses, watch the logs and things are gonna be pretty secure....at least for now.

It does seem to me that if you had one WEP encrypted packet (or maybe 1000) that you should be able to run some kind of software against those packets for a week or two, or a month and eventually crack that WEP key since I believe the WEP key is XORed with the valid data. With 1000 packets, you could pretty well determine that you'd come up with the right key if they all 'made sense'.

I don't really understand the encryption that WEP uses so this idea may be totally bogus but it seems good to me

01-05-2002	#6 (permalink)
Posts: n/a	Those examples of cracking WEP keys were all 'lab tests'. I'm not suggesting that you udp flood the network to crack the WEP key....actually, I don't think you could do that until you had the WEP key. That was basically an example of what you're already finding out....cracking WEP isn't half as easy as what you'd think reading some of these articles stating that WEP is basically a joke. Maybe it's a joke for some people but I don't know any of them. Secure enough for the FBI - probably not...at least hopefully not! Secure enough to run my home network on - probably. Then go and run a closed network, limit access to MAC addresses, watch the logs and things are gonna be pretty secure....at least for now. It does seem to me that if you had one WEP encrypted packet (or maybe 1000) that you should be able to run some kind of software against those packets for a week or two, or a month and eventually crack that WEP key since I believe the WEP key is XORed with the valid data. With 1000 packets, you could pretty well determine that you'd come up with the right key if they all 'made sense'. I don't really understand the encryption that WEP uses so this idea may be totally bogus but it seems good to me