WEP Quest

Paul Blankenbaker


Ronald W. Henderson

CTO
UNIVERSAL Technologies


Copyright © 2003 - 2009 Respective Authors

2005-May-9

Abstract

This article will demonstrate the weakness associated with the IEEE 802.11b wireless encryption standard called WEP (Wired Equivalent Privacy). The reader will learn how a WEP key for a WEP encrypted wireless network can be cracked.


Table of Contents

Overview/History/Goals
Determining The WEP Key
Gathering The Necessary Equipment
Setting Up The System
Determining The Frequency/Channel Of The Access Point
Capturing Wireless Data Packets
Deciphering the WEP Key
What We've Learned So Far
What Can Be Done With A WEP Key
Removing The WEP Encryption From The Captured Data
Examining Network Data After Removing WEP Encryption
What Else Can Be Done?
Summary
What Has Been Learned
What Should Be Further Investigated
Bibliography

Overview/History/Goals

Having a wireless access point in our home, and knowing that 128 bit WEP is subject to being cracked, I've often wondered the following:

How long would it take for someone parked in front of the house to determine the WEP key?

Being a developer involved with the Network Security Toolkit project, I knew that I had both the hardware and software to answer this question. Instead of simply running out and answering the question, I decided to take the time and "do it right" with the following goals in mind:

  • Demonstrate how one cracks the 128 bit WEP key for a wireless network.

  • Demonstrate how one might then estimate how much time must elapse before one should assume the WEP key has been cracked by someone outside.

  • Offer some thoughts on alternatives for improving security beyond basic WEP (in particular for those of us using multiple Operating Systems).

  • Document and publish my results on the Internet.

The purpose of this article is not to enable one to break into wireless networks. Instead, the goal of this article is to provide incentive to those making use of wireless networks to do a better job at securing them. It may not be possible to keep a determined and skilled network cracker out of a wireless network, but we should be able to do a better job at slowing them down.

Note

This article was written using release 1.2.2 of the Network Security Toolkit. If you wish to repeat any of the documented experiments and you use different hardware, or a different version of the Network Security Toolkit distribution, you will need to make slight adjustments based upon your hardware.