Copyright © 2003 - 2008 Respective Authors
2005-May-9
This article will demonstrate the weakness associated with the IEEE 802.11b wireless encryption standard called WEP (Wired Equivalent Privacy). The reader will learn how a WEP key for a WEP encrypted wireless network can be cracked.
Table of Contents
Having a wireless access point in our home, and knowing that 128 bit WEP is subject to being cracked, I've often wondered the following:
How long would it take for a someone parked in front of the house to determine the WEP key?
Being a developer involved with the Network Security Toolkit project, I knew that I had both the hardware and software to answer this question. Instead of simply running out and answering the question, I decided to take the time and "do it right" with the following goals in mind:
Demonstrate how one cracks the 128 bit WEP key for a wireless network.
Demonstrate how one might then estimate how much time must elapse before they should assume their WEP key is cracked by someone outside.
Offer some thoughts on alternatives to improving security beyond basic WEP (in particular for those of us using multiple Operating Systems).
Document and publish my results on the Internet.
The purpose of this article is not to enable one to break into wireless networks. Instead, the goal of this article is to provide incentive to those making use of wireless networks to do a better job at securing them. It may not be possible to keep a determined and skilled network cracker out of a wireless network, but we should be able to do a better job at slowing them down.
This article was written using release
1.2.2 of the Network Security Toolkit. If you wish to repeat any
of the documented experiments, and you use a different hardware,
or a different version of the Network Security Toolkit distribution, you will need
to make slight adjustments based upon your hardware.