Division Zero (Div0). Copyright © 2011-2018

All rights reserved.

WEP (In)Security

12 May 2011

In cryptography it is a bad practice to use the same encryption key to encrypt every single packets / data. If Eve the eavesdropper has a copy of the encryption key used between Alice and Bob, although she’s unauthorise to read things not sent to her, she will be able to read all packets/data communicated between Alice and Bob.

 

WEP IV (Initialisation Vector) Security Flaw

Based on this diagram:

  1. A plain text that is going to be encrypted will be going through an Integrity Check Algorithm to produce a ICV which is sent with the packet to ensure the packet has not been altered with.

  2. The Secret Key (Encryption Key) will go through a pseudorandom number generator to make a key sequence which has the same length as the plaintext. It then use a 24-bit IV as part of the secret key.

  3. Lastly, the plaintext with ICV is encrypted by Bitwise XOR Process with the key sequence created in step 2 to create a ciphertext.

The vulnerability is at the IV — The 24-bit IV is equivalent to a total number of 2^24 useable IV. Although 16,777,216 seems a lot, IV is reused in a matter of 2–3 hours. Reusing IV is as good as reusing a password — You can calculate the encryption key through statistical attacks.

 

It is not a good idea to use WEP if better encryption standards are available.

 

Cracking WEP

With the limited number of IV, by listening to the Wi-Fi frequency channel and collecting enough packets, you can statistically calculate the encryption key through a suite of tools provided by the AirCrack suite.

 

Do Note
  1. Injection of packets might not work on all Wi-Fi cards as only certain chipset are supported.

  2. Do not hack into other’s network or risk being prosecuted under the Computer Misuse Act.

     

     

     

     

     

     

     

     

     

Tags:

Share on Facebook
Share on Twitter
Please reload

RECENT POST

September 5, 2017

Please reload

CATEGORIES
Please reload

TAGS
RSS
RSS Feed