On Wed, 2007-06-13 at 20:09 +0100, Dave Walker wrote:
> On Wed, 2007-06-13 at 19:50 +0100, Ian Pascoe wrote:
> > Hi Folks
> >
> > Some clarity on these times to break please!
> >
> > Is this done by snooping the traffic that is going between the computer and
> > router or by bombarding the router with various keys until it responds?
> >
> > Anyone know for sure? I know a couple of guys who work on computer
> > cryptography and they quote figures like a million transferred packets to
> > get the key reliably .... and they know cos they've done it.
> >
> > E
> >
>
> Ian,
>
> I am concerned where this thread could lead, but I feel that a high
> level explanation is appropriate. Obviously attempting this on a
> network that is not your own is illegal. I attempted this on a network
> I own a few years ago, and was shocked that I could gain access within
> an hour. Tools have probably improved somewhat since I tried it.
>
> The way that WEP is cracked falls into two categories. There is a
> passive attack that purely listens and logs packets sent between access
> point and authorised user; the other method is active that sends
> malformed packets to the access point that increases the amount of
> 'interesting' packets returned to the cracker.
>
> These 'interesting' packets reveal certain information that allows a tool
> to work out what the WEP key is.
>
> The more 'interesting' packets you have gathered the faster the cracking
> can be achieved; with a million, it would take seconds - but the
> gathering takes a little longer.
>
> WEP is largely outdated, and most people who use security tend to use
> the more secure WPA Protocol.
>
> Kind Regards,
> Dave Walker
>
There was a recent Security Now podcast that explains this topic quite
well. I think it has been linked to before on this list, but here you
go anyway.

http://media.grc.com/sn/SN-089.mp3

Happy listening,

Steve