NetStumbler.org Forums

Old 05-18-2003   #1 (permalink)
Comput4rJLT
Registered Member
 
Join Date: Feb 2003
Location: Texas
Posts: 57
Airsnort and 256bit wep?

Has anyone done it?

And can it be done w/ an Orinoco Gold card?
__________________
Toshiba E740 running PocketWarrior and WinC - SOLD

Itronix armored 486 laptop running W95 and netstumbler
Compaq Armada E700 dualbooting w/ xp pro and slackware 8.1 - running netstumbler and soon will be running kismet/airsnort/etc...
Old 05-18-2003   #2 (permalink)
Madhadder
General "Noob Basher"
 
Join Date: Apr 2002
Location: Munich, Germany
Posts: 1,620
What Equip. supports 256 key WEP?
Old 05-19-2003   #3 (permalink)
agentgrn
KB1JQO - Packin' Heat
 
Join Date: May 2002
Location: Worcester, MA
Posts: 517
The LinkSys WAP 11 v2.2 and higher support it.

From what I've been able to tell, 64-bit WEP (40bit+IV) is pretty easily broken...and 128-bit is also doable, but requires a hell of a lot more work.

First of all, Airsnort won't work without modification to the code to support the longer key length.

Secondly, if the Linksys firmware is such that it doesn't generate any of the weak keys, then you'll probably never break it, despite its theoretic possibility. You'd need to capture an inordinate shitload of packets...and we all saw how long it took to brute-force the RC5-64bit key...much less brute-forcing a 256-bit key.
__________________
-A.G.-
Old 05-19-2003   #4 (permalink)
TheSovereign
Master of the universe
 
Join Date: Jun 2002
Location: chicago
Posts: 658
agent green, the stuff in wireless is RC4, not 5
much easier to break
__________________
SO SAYS TheSovereign
Old 05-19-2003   #5 (permalink)
agentgrn
KB1JQO - Packin' Heat
 
Join Date: May 2002
Location: Worcester, MA
Posts: 517
True that RC4 is easier to break, but so far, it's only known to be doable with weak keys present...which is the whole basis of AirSnort and just about every other key breaking tool.

Without that, though, it's going to be a lot of work to crack the nuts on 256-bit WEP...still wouldn't use it where security is of any significant importance.

256-bit just isn't brute-forceable with your average PC...yet.
__________________
-A.G.-
Old 05-19-2003   #6 (permalink)
Comput4rJLT
Registered Member
 
Join Date: Feb 2003
Location: Texas
Posts: 57
So I take that as a no to my original question?????

(btw I have broken 64 and 128bit WEP @ home w/ my setup, I just wanted to know if 256 was doable w/ this setup)
Old 05-20-2003   #7 (permalink)
Madhadder
General "Noob Basher"
 
Join Date: Apr 2002
Location: Munich, Germany
Posts: 1,620
Only way to find out is to try....
Old 06-05-2003   #8 (permalink)
cam
Registered Member
 
Join Date: Aug 2002
Posts: 5
Well you would have to edit the airsnort code to crack for the larger key size.

The key size wouldn't overly affect the time to crack, unless you are doing a brute force, which is currently impossible. Remember, while the key size is larger, the IV is still only 24 bits. And yes, if the vendor has removed the weak IVs then Airsnort will not work.
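Added illustration of the point in post #8 that the IV stays at 24 bits whatever the key size (this is not code from the thread or from AirSnort): an audit of a capture of your own AP's IVs for reuse and for weak-form IVs. Assumptions not stated in the thread: the weak form checked is the (A+3, 255, X) pattern from the Fluhrer-Mantin-Shamir paper, 256-bit WEP is taken as a 232-bit secret plus the 24-bit IV, and the sample IVs are constructed.

```python
import math
from collections import Counter

IV_SPACE = 2 ** 24  # the WEP IV is 24 bits for every key size

# Secret-key length in bytes per marketed size (marketed bits minus the 24-bit IV).
# The 256-bit entry is an assumption: 232-bit secret + 24-bit IV.
KEY_BYTES = {64: 5, 128: 13, 256: 29}

def iv_reuse_probability(frames: int) -> float:
    """Birthday-bound chance that at least two of `frames` random IVs collide."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * IV_SPACE))

def weak_key_byte(iv: bytes, key_bytes: int):
    """Key-byte index an IV of the form (A+3, 255, X) relates to, else None."""
    a = iv[0] - 3
    if iv[1] == 255 and 0 <= a < key_bytes:
        return a
    return None

def audit_ivs(ivs, marketed_bits: int) -> dict:
    """Summarise a capture: reused IVs and weak-form IVs seen per key byte."""
    n = KEY_BYTES[marketed_bits]
    counts = Counter(ivs)
    reused = sum(1 for c in counts.values() if c > 1)
    weak = Counter(
        b for b in (weak_key_byte(iv, n) for iv in counts) if b is not None
    )
    return {
        "reused_ivs": reused,
        "weak_per_key_byte": dict(weak),
        # One weak form per (key byte, X) pair: grows linearly with key length.
        "weak_forms_possible": n * 256,
    }

# Constructed sample capture (IVs only), not real traffic.
SAMPLE_IVS = [
    bytes([3, 255, 7]), bytes([4, 255, 1]), bytes([20, 255, 9]),
    bytes([1, 2, 3]), bytes([1, 2, 3]),          # same IV seen twice
    bytes([31, 255, 0]), bytes([32, 255, 0]),
]

if __name__ == "__main__":
    for bits in (64, 128, 256):
        print(bits, audit_ivs(SAMPLE_IVS, bits))
    print("P(IV reuse) after 5000 frames:", round(iv_reuse_probability(5000), 3))
```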
Old 06-17-2003   #9 (permalink)
f0urtyfive
HAH!
 
Join Date: May 2003
Posts: 68
Just wondering, haven't really researched this much yet, but how do the weak packets work? Can you get a few, and then start bruteforcing it, using them as information to start off of, or do you need the whole key out of the weak packets? Why is it "impossible" to brute force the whole key, it's only 24 hex letters isn't it? (Well, yes I know that SOUNDS like a lot, but :/ ) If you tried to brute force it, would you have to try each combination on the router, or could you capture a packet, and try each combination on the packet? Because honestly, if someone wanted to break the key badly enough, and all they needed was processing power, they could get 1000+ computers for parallel processing without too much difficulty... just wondering (I'm probably going to do a paper on some wireless stuff for my graduation project, so any info/websites would be of great help)
Old 06-17-2003   #10 (permalink)
JimmyPopAli
Registered Member
 
Join Date: Apr 2002
Location: Washington the state
Posts: 242
Take a look at this thread, down a little ways it has some papers I found on the subject.

http://forums.netstumbler.com/showth...&threadid=5325
Old 06-26-2003   #11 (permalink)
cam
Registered Member
 
Join Date: Aug 2002
Posts: 5
Brute forcing WEP is different from the attacks Airsnort uses. The keysize is 40-bit for 64-bit WEP and 104-bit for 128-bit. So doing the math, it is possible to brute force the 40-bit WEP key in a couple days, depending on how powerful your machine is. 128-bit WEP is currently impossible to brute force by today's standards.

For brute forcing you could do it with only one captured encrypted packet; it would be good to have an extra few packets just to double check that you have correctly brute forced the key.