WEP Now completely useless: 104bit (128) key cracking in <1 minute

Discussion in 'News and Article Comments' started by Impotence, Apr 4, 2007.

  1. Impotence

    Impotence May the source be with u!

    Likes Received:
    6
    Trophy Points:
    38
    As the attack only requires ARP requests / replies it would be possible to attack an access point with no authenticated clients as long as something generated an ARP request on the wired side, such as a computer or even the router itself!
     
  2. Ferg

    Ferg Manbearpig

    Likes Received:
    0
    Trophy Points:
    16
    Eeep, things have gotten even worse since I did my dissertation on the subject, but still just imagine if everyone just chilled out, stopped being nasty and joined the Community Wireless Network (wiki) philosophy.

    I know it'll never get full realisation, but man... just imagine
     
  3. Impotence

    Impotence May the source be with u!

    Likes Received:
    6
    Trophy Points:
    38
    The problem comes about when you CANT have an open network as you have sensitive data moving accross it...

    WEP has been known to be broken for quite awhile, but its use is very widespread... for example, of the ~300 AP's ive seen near me (not going to say where this was :p)

    ~140 used a 40bit wep key
    ~90 used no encryption whatsoever (and most had the default SSID)
    ~50 used a 102bit wep key
    ~20 used WPA

    all WEP's usefull for now is a sign saying 'private property, go away please'
     
  4. Swansen

    Swansen The Ninj

    Likes Received:
    0
    Trophy Points:
    36
    lol
     
  5. ZeroKool

    ZeroKool Geek Trainee

    Likes Received:
    0
    Trophy Points:
    0
    Ive always seen WEP recently as a method of a 'private property, go away please' sign, after seen it done the 'long' (14 mins :p) way on a 40 bit key, but will this change anything among the non geek computer users? No i dont think so. So i can see this being a way to extend a hobby....
     
  6. Willz

    Willz MiCrO$oFt $uK$ :D

    Likes Received:
    36
    Trophy Points:
    48
    So does that mean the protection in my Netgear DG834V3 is useless now?
     
  7. Impotence

    Impotence May the source be with u!

    Likes Received:
    6
    Trophy Points:
    38
    I am assuming your router doesn't support WPA then...

    Most routers support WPA, and if not its the sort of thing i think should be possible with a firmware upgrade :) (i haven't checked this though)

    If it is possible, i wouldn't be surprised if netgear didn't do it.... to try and force you to buy a new router, if so, check out OpenWrt for a possible solution.
     
  8. Willz

    Willz MiCrO$oFt $uK$ :D

    Likes Received:
    36
    Trophy Points:
    48
    Lukily I dont use wireless anyway :p, but I wouldent be bothered either way.
     
  9. Impotence

    Impotence May the source be with u!

    Likes Received:
    6
    Trophy Points:
    38
    I think the main point to think about is that it will keep your neighbors out, which is all 95% of the population actually care about...

    Out of all the 10000's of people we will meet in our lives, what percentage will have any clue what this thread is even about (let alone be able to carry out such an attack).

    I only use a 64bit WEP key, why? because its easy and im not dealing with sensitive data (The only 'sensitive' data that is very rarely carried by my network travels through a VPN anyway).

    All i have to worry about are the family winblowz machines being owned, but i do have plans to monitor them (SNORT? i have a switch with an uplink so it shouldn't be too hard)
     

Share This Page