Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 




      :: Security-alerts
Security-Alerts mailing list archive (security-alerts@yandex-team.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[security-alerts] FYI: Aircrack-ptw - WEP Cracking Tool (ARP)

> -----Original Message-----
> From: SecuriTeam [mailto:support@xxxxxxxxxxxxxx] 
> Sent: Thursday, April 26, 2007 4:22 PM
> To: html-list@xxxxxxxxxxxxxx
> Subject: [TOOL] Aircrack-ptw - WEP Cracking Tool (ARP)
> Aircrack-ptw - WEP Cracking Tool (ARP) 
> WEP is a protocol for securing wireless LANs. WEP stands for 
> "Wired Equivalent Privacy" which means it should provide the 
> level of protection a wired LAN has. WEP therefore uses the 
> RC4 stream to encrypt data which is transmitted over the air, 
> using usually a single secret key (called the root key or WEP 
> key) of a length of 40 or 104 bit. 
> A history of WEP and RC4 
> WEP was previously known to be insecure. In 2001 Scott 
> Fluhrer, Itsik Mantin, and Adi Shamir published an analysis 
> of the RC4 stream cipher. Some time later, it was shown that 
> this attack can be applied to WEP and the secret key can be 
> recovered from about 4,000,000 to 6,000,000 captured data 
> packets. In 2004 a hacker named KoReK improved the attack: 
> the complexity of recovering a 104 bit secret key was reduced 
> to 500,000 to 2,000,000 captured packets. 
> In 2005, Andreas Klein presented another analysis of the RC4 
> stream cipher. Klein showed that there are more correlations 
> between the RC4 keystream and the key than the ones found by 
> Fluhrer, Mantin, and Shamir which can additionally be used to 
> break WEP in WEP like usage modes. 
> Aircrack-ptw attack 
> Aircrack-ptw is able to extend Klein's attack and optimize it 
> for usage against WEP. Using aircrack-ptw's version, it is 
> possible to recover a 104 bit WEP key with probability 50% 
> using just 40,000 captured packets. For 60,000 available data 
> packets, the success probability is about 80% and for 85,000 
> data packets about 95%. Using active techniques like deauth 
> and ARP re-injection, 40,000 packets can be captured in less 
> than one minute under good condition. The actual computation 
> takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 
> GHz and can additionally be optimized for devices with slower 
> CPUs. The same attack can be used for 40 bit keys too with an 
> even higher success probability. 
> Countermeasures 
> We believe that WEP should not be used anymore in sensitive 
> environments. Most wireless equipment vendors provide support 
> for TKIP (as known as WPA1) and CCMP (also known as WPA2) 
> which provides a much higher security level. All users should 
> switch to WPA1 or even better WPA2. 
> How the attack works 
> A paper <http://eprint.iacr.org/2007/120>  describing the 
> details and methods we used in our attack is available on the 
> IACR ePrint server <http://eprint.iacr.org/> . 
> Implementation 
> We implemented a proof-of-concept of our attack in a tool 
> called aircrack-ptw. It should be used together with the 
> aircrack-ng toolsuite. 
> Reproduction of our results 
> The tool is quite similar to aircrack-ng. You can find a very 
> good tutorial on the aircrack-ng 
> <http://www.aircrack-ng.org/doku.php?id=simple_wep_crack>  
> homepage. For usage with our tool, you need to make some 
> little changes. 
>     * In Step 3, you MUST NOT use the parameter -ivs. Just 
> skip this parameter, the other command line arguments still apply. 
>     * In Step 5, you should use aircrack-ptw instead of 
> aircrack-ng. ls -la output*.cap will give you a list of 
> capture files airodump-ng has created. Usually, if you did 
> not interrupt airodump-ng, there should be only one file 
> named output-01.cap. Just start aircrack-ptw output-01.cap to 
> get the key. If aircrack-ptw was not successfull, wait a few 
> seconds and start it again. 
> Questions and answers 
> Does aircrack-ptw work with arbitrary packets? 
> No, aircrack-ptw currently only works with ARP requests and 
> ARP responses. Using methods like ARP re-injection, it is 
> usually not a problem to generate a sufficient amount of ARP traffic. 
> In a future version, aircrack-ptw could be extended to work 
> with other packets too. 
> Does aircrack-ptw work with 256 bit keys? 
> Currently, aircrack-ptw does not support 256 bit WEP. 
> Does aircrack-ptw work on WPA1 or WPA2 too? 
> No. WPA is a complete redesign. Although the TKIP specified 
> for WPA still uses RC4 as encryption algorithm, related-key 
> attacks are not possible in this case since the per-packet 
> keys do not share a common suffix. Furthermore, re-injection 
> attacks on WPA protected networks will not work: WPA requires 
> multiple packets with the same IV to be discarded. Although 
> no cryptographic attacks against WPA1 are known, we recommend 
> WPA2 over WPA1 if you have the choice. 
> Does aircrack-ptw work against WEPplus? 
> This has not been tested due to lack of equipment supporting 
> WEPplus. Since WEPplus only avoids the weak IVs of the 
> original FMS attack, we foresee no problems in applying the 
> attack against WEPplus. 
> Does aircrack-ptw work against Dynamic WEP? 
> This has not been tested as well. In principle we expect our 
> attack to work on networks protected by Dynamic WEP. Since 
> Dynamic WEP allows for re-keying, the attack will provide a 
> key that may only be valid for a certain time frame. After 
> the key has expired, the attack needs to be performed again. 
> Additional Information: 
> The information has been provided by Sn0rkY 
> <mailto:snorky@xxxxxxxx> . 
> To keep updated with the tool visit the project's homepage 
> at: http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/ 


Copyright © Lexa Software, 1996-2009.