NetStumbler.org Forums

Old 09-29-2004   #1 (permalink)
aelk5579
Registered Member
 
Join Date: Jul 2004
Posts: 5
cracking WEP - How long??

I have been doing some testing on my own network to see if I can crack the 64bit WEP key and how long it will take. I am not using any traffic boosters such as continuous pinging to speed up the process so that I can know how long it will take under normal conditions. I am using airsnort with an orinoco silver and an external 7db antenna. Using Knoppix STD distro. I am also running kismet in the background.

Now airsnort has captured 66k packets and 78 of them are encrypted and 0 interesting. From my knowledge, I know that I will need about 1200 weak IV to successfully crack WEP. From the results I have now, gaining 1200 looks like a very long way away. My question is: is this normal or am I missing something? Other than using the new WEP cracking tools mentioned in the stickies (which I haven't tried YET), is there any way or method to decrease the time to crack WEP and/or generate more weak IV/traffic without gaining access to the network?
Old 09-29-2004   #2 (permalink)
audit
Mentally Fucked up!
 
Join Date: Aug 2002
Location: Deep in the Woods.
Posts: 1,887
See that thing called Search at the top of every section, give that a try.
__________________
audit

Blackberry Outage Mail List. Be the one of first people to know about RIM outages.
Blackberry Chat Mail List.
My day to day life.
Old 09-29-2004   #3 (permalink)
Thorn
Did you do the math?
 
Join Date: Apr 2002
Location: Villa Straylight
Posts: 10,008
Short answer: No. Which is why WEP is still a valid tool for the average home user.
__________________
Thorn
Sex and Violence. You can't enjoy one, if you don't survive the other. (And that works both ways...)
Old 09-29-2004   #4 (permalink)
aelk5579
Registered Member
 
Join Date: Jul 2004
Posts: 5
Quote:
Originally Posted by audit
See that thing called Search at the top of every section, give that a try.
I have been reading threads in this forum for 2 hours now and I used search before anything. I don't know what made you come to the instant conclusion that I didn't read anything on the forum before I posted. I am asking a simple question and need a simple answer. I just want to know if my results are normal or if I'm doing something wrong. From what I've read in the threads, I should have at least 10 weak IV by now. I don't have any. Is this normal??
Old 09-29-2004   #5 (permalink)
wrzwaldo
I amuse you?
 
Join Date: Dec 2003
Posts: 9,127
Quote:
Originally Posted by aelk5579
I have been reading threads in this forum for 2 hours now and I used search before anything. I don't know what made you come to the instant conclusion that I didn't read anything on the forum before I posted. I am asking a simple question and need a simple answer. I just want to know if my results are normal or if I'm doing something wrong. From what I've read in the threads, I should have at least 10 weak IV by now. I don't have any. Is this normal??
Because you didn't say that???


As for if it is normal or not. Sure is

As for if you are doing something wrong. Quite possible


As you have probably guessed by now there is no "simple answer".
Old 09-29-2004   #6 (permalink)
aelk5579
Registered Member
 
Join Date: Jul 2004
Posts: 5
Look, I know you guys are experts here but (correct me if I'm wrong), I didn't come across any notice while registering as a member that said "you must have an x amount of knowledge/expertise to post threads on the forum".

If I asked a silly question it does not mean I get flamed. Maybe a link would have been better. Although I believe that there is nothing wrong with the question I asked. I was expecting an answer like: Your firmware is probably new and does not give out much if not any weak IV's.
Old 09-29-2004   #7 (permalink)
c0rnholio
cd /pub && more beer
 
Join Date: Jun 2002
Location: Germany
Posts: 160
Quote:
Originally Posted by Thorn
...Which is why WEP is still a valid tool for the average home user.
Hm..sorry but I have to disagree with that.

Here is the reason why: I have several WEP protected AP's in my neighbourhood, all in range without the need for a directional antennae or an omni. What stops me (except for my ethics) from capturing all their traffic for several days (or until I have enough packets) and then use aircrack to crack their keys within a minute? They are all "average home users" but they generate traffic day by day, some days more, some days less. Next thing is that I can still use packet injection on these networks to get enough traffic without them knowing it. I would not recommend anyone using WEP anymore, not even for home use. Also think about KoreK's chopchop...decrypts a WEP encrypted packet in about a minute...

Just my 2 ct...
__________________
You mean...there is life outside my lab?
Old 09-29-2004   #8 (permalink)
Thorn
Did you do the math?
 
Join Date: Apr 2002
Location: Villa Straylight
Posts: 10,008
Quote:
Originally Posted by c0rnholio
Hm..sorry but I have to disagree with that.

Here is the reason why: I have several WEP protected AP's in my neighbourhood, all in range without the need for a directional antennae or an omni. What stops me (except for my ethics) from capturing all their traffic for several days (or until I have enough packets) and then use aircrack to crack their keys within a minute? They are all "average home users" but they generate traffic day by day, some days more, some days less. Next thing is that I can still use packet injection on these networks to get enough traffic without them knowing it. I would not recommend anyone using WEP anymore, not even for home use. Also think about KoreK's chopchop...decrypts a WEP encrypted packet in about a minute...

Just my 2 ct...
Disagree all you want, I can't stop you. I would like to hear what you recommend though. Many devices don't support alternatives such as WPA, and absolutely no WEP leaves you vulnerable to those thieving idiots who think that if the AP is unencrypted they have carte blanche to use the network. WEP may be a poor choice, but it is still better than nothing.
__________________
Thorn
Sex and Violence. You can't enjoy one, if you don't survive the other. (And that works both ways...)
Old 09-29-2004   #9 (permalink)
Thorn
Did you do the math?
 
Join Date: Apr 2002
Location: Villa Straylight
Posts: 10,008
Quote:
Originally Posted by aelk5579
Look, I know you guys are experts here but (correct me if I'm wrong), I didn't come across any notice while registering as a member that said "you must have an x amount of knowledge/expertise to post threads on the forum".

If I asked a silly question it does not mean I get flamed. Maybe a link would have been better. Although I believe that there is nothing wrong with the question I asked. I was expecting an answer like: Your firmware is probably new and does not give out much if not any weak IV's.
aelk5579,
Please read the Rules. We actively encourage people to lurk (and search) a long time before posting to avoid silly questions. My personal recommendation is one to two months.

Quote:
Originally Posted by aelk5579
If I asked a silly question it does not mean I get flamed. Maybe a link would have been better. Although I believe that there is nothing wrong with the question I asked. I was expecting an answer like: Your firmware is probably new and does not give out much if not any weak IV's.
Asking a silly question does open you up to flames. The only "flame-free zone" is the Newbie Lounge.
__________________
Thorn
Sex and Violence. You can't enjoy one, if you don't survive the other. (And that works both ways...)
Old 09-29-2004   #10 (permalink)
wrzwaldo
I amuse you?
 
Join Date: Dec 2003
Posts: 9,127
Quote:
Originally Posted by aelk5579
Look, I know you guys are experts here but (correct me if I'm wrong), I didn't come across any notice while registering as a member that said "you must have an x amount of knowledge/expertise to post threads on the forum".

If I asked a silly question it does not mean I get flamed. Maybe a link would have been better. Although I believe that there is nothing wrong with the question I asked. I was expecting an answer like: Your firmware is probably new and does not give out much if not any weak IV's.
Okay if you really need someone to say it...

Your firmware is probably new and does not give out much if not any weak IV's.

or

You are doing something wrong.

or

You're SAFU!
Old 09-29-2004   #11 (permalink)
devine
Emergence
 
Join Date: Jul 2004
Location: Paris
Posts: 389
Quote:
Originally Posted by aelk5579
is there anyway or method to decrease the time to crack WEP and/or generate more weak IV/traffic without gaining access to the network?
Yeah, you could use a better WEP cracking program than AirSnort
Old 09-29-2004   #12 (permalink)
c0rnholio
cd /pub && more beer
 
Join Date: Jun 2002
Location: Germany
Posts: 160
Quote:
Originally Posted by Thorn
Disagree all you want, I can't stop you.
Yeah, I know...
Quote:
Originally Posted by Thorn
I would like to hear what you recommend though. Many devices don't support alternatives such as WPA, and absolutely no WEP leaves you vulnerable to those thieving idiots who think that if the AP is unencrypted they have carte blanche to use the network. WEP may be a poor choice, but it is still better than nothing.
ACK, but WEP should only be used if there _is no_ alternative. I know that most older AP's don't support WPA but all new devices should. So if one has the chance to use WPA-PSK, WPA-TKIP or proprietary 256bit WEP he definitely should. The reason I posted my statement is that people are learning from reading the posts in this forum and if one is writing that WEP is still ok, he should also mention that it is only ok if there are no alternatives. (IMO of course)

My recommendation is to sell the old AP on ebay or wherever and get a new one that supports WPA.
__________________
You mean...there is life outside my lab?
Old 09-29-2004   #13 (permalink)
Chris
Bad as Can
 
Join Date: Jul 2002
Posts: 1,141
Quote:
Originally Posted by c0rnholio
Yeah, I know...


ACK, but WEP should only be used if there _is no_ alternative. I know that most older AP's don't support WPA but all new devices should. So if one has the chance to use WPA-PSK, WPA-TKIP or proprietary 256bit WEP he definitely should. The reason I posted my statement is that people are learning from reading the posts in this forum and if one is writing that WEP is still ok, he should also mention that it is only ok if there are no alternatives. (IMO of course)

My recommendation is to sell the old AP on ebay or wherever and get a new one that supports WPA.

I agree with Thorn on this. For a home user WEP is good enough (although in my opinion that applies to 128 bit only, forget 64 bit altogether).

Here is my reasoning and in relation to your post about sniffing a neighbor's connection for a few days. Why bother? I guarantee you that for every WEP encrypted network you can see, you can also see 2 that are wide open. What does an attacker gain from accessing YOUR network? The purpose of using WEP in a home environment is to avoid being a target of convenience.

If a person has information on their home network that they feel needs actual protection from attackers, WEP is not an option...but for that matter...what the hell are they doing putting info that needs protecting on their wireless network anyway?

At this point we start to degrade into a philosophical INFOSEC discussion that can quickly become circular.

So, to restate and summarize, I agree with Thorn. 128 bit WEP is enough for most home users.
__________________
perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
Old 09-29-2004   #14 (permalink)
c0rnholio
cd /pub && more beer
 
Join Date: Jun 2002
Location: Germany
Posts: 160
Quote:
Originally Posted by Chris
Why bother? I guarantee you that for every WEP encrypted network you can see, you can also see 2 that are wide open. What does an attacker gain from accessing YOUR network? The purpose of using WEP in a home environment is to avoid being a target of convenience.
Greetings Chris. I got your point. Let me answer with a counter question. Why are script kiddies trying to get access to your computer over the internet? Even if you have a personal firewall they are always trying exploits for it. I think that the motivation of hacking into wireless networks is not always the same. Some do it for fun, some for other reasons. I have read posts on the internet where people answered the question why they are trying to crack a WEP encrypted network something like this: "I saw a tool on the internet and wanted to try it. Now I have access to my neighbour's WEP encrypted network..."

Quote:
Originally Posted by Chris
If a person has information on their home network that they feel needs actual protection from attackers, WEP is not an option...but for that matter...what the hell are they doing putting info that needs protecting on their wireless network anyway?
Well, in my case I have information on my home network / home office that needs some protection + I'm paranoid (so maybe I'm not the best example). But I am not afraid to use wireless technology in my environment because I know the risks and I know how to protect myself. But the average home worker or home user uses his WEP enabled WLAN with the belief that it is safe enough. He writes emails, uses online banking, bids on ebay and so on. What if one of those mentioned script kiddies is his neighbour? Sure this is theoretical and as you mentioned before it is a philosophical question. Don't get me wrong, I accept opinion, but however have to disagree.

Quote:
Originally Posted by Chris
At this point we start to degrade into a philosophical INFOSEC discussion that can quickly become circular.
Yeah, let's avoid that..I hate such discussions, they lead to nothing...
__________________
You mean...there is life outside my lab?
Old 09-19-2005   #15 (permalink)
dcast777
 
Posts: n/a
Two Months? What a Joke!!!

Quote:
Originally Posted by Thorn
aelk5579,
Please read the Rules. We actively encourage people to lurk (and search) a long time before posting to avoid silly questions. My personal recommendation is one to two months.



Asking a silly question does open you up to flames. The only "flame-free zone" is the Newbie Lounge.
From what I've read in just a few posts it sounds like people like Thorn and the other so called "experts" need to quit looking down their noses at people and just answer their question. And if you don't want to do that, there is nothing stating that you have to help anyone on here. So there is no reason to get mad at someone for asking a question someone has already asked.

Since no one really answered your question, it only takes a few minutes depending on network traffic. I'm not sure why you were not getting the packets that you need because I use Kismet, but I know that's what it takes with that program.