WEP: Cracked in 60 Seconds
It's no secret that Wired Equivalent Privacy (WEP)
With the right tools and some time, anyone can crack WEP by gathering enough information from the airwaves, which is then used to figure out the pass-phrase protecting the wireless link. The more packets
Researchers at the Darmstadt University of Technology in Darmstadt, Germany, have reduced the number yet again, to just 40,000 captured packets. That gave them enough to get a 50% probability of recovering the passkey. 60,000 packets pushed the chance to 80%, and 85,000 made it 95%. They did this with a tool they call aircrack-ptw, and they wrote a paper about it, available here.
Their recommendation is pretty obvious: WEP should not be used. It's better than no security, but it's also close to no security if you've got trespassers with enough desire and smarts. As they say in the paper, "While arguably still providing a weak deterrent against casual attackers in the past, the attack presented in this paper greatly improves the ease with which the security measure can be broken." And it's true -- there are still products coming out today that only support WEP, even though Wi-Fi Protected Access (WPA) officially replaced it long ago. It has been required by the Wi-Fi Alliance since 2006 for a product to be Wi-Fi Certified.
That said, companies like AirDefense say that businesses still have a lot invested in legacy WEP-only products, and in some cases -- like retail distribution centers -- it could take millions of dollars to upgrade the equipment. That's why they offer a module for their security software called WEP Cloaking, which sends out extra packets to prevent aircrack-like tools from gathering the data they need. AirDefense says it plans to stay ahead of new WEP cracking efforts, and claims it is already successful in beating this new under-60-second crack.