Vulnerabilities of WEP - cracking the 128-bit code in no time.
GLOSSARY OF ACRONYMS
WEP - Wired Equivalent Privacy
SSID - Service Set Identification
WPA - Wi-Fi Protected Access
WEP is an encryption scheme based on the RC4 stream cipher. It is integrated into 802.11a, b and g wireless products. WEP uses a set of bits called a key to scramble the information in each data frame as it leaves the access point or client adapter; the receiver then decrypts the scrambled frame.
As is fairly well known, for such a scheme to work, both sides must have the same WEP key. Even though today's keys are marketed as 64-bit or 128-bit, those figures include a semi-random 24-bit initialization vector (IV). In reality, a 64-bit key contains only 40 bits of secret key material, and a 128-bit key contains 104. The IV is placed in the encrypted frame's header and is transmitted in plain text.
With keys of that size, cracking WEP used to be a slow and tedious process. An attacker would have to capture hundreds of thousands or millions of packets, which could take hours or even days depending on the volume of traffic on the wireless network. Only after enough packets had been captured could a WEP cracking program recover the key.
However, last summer a new generation of WEP cracking tools appeared. These tools combine statistical techniques focused on the unique IVs captured with a brute-force dictionary, and can crack a 128-bit WEP key in minutes instead of hours. It does not matter how many bits your key has as long as it is built on a 24-bit IV.
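The reason the advertised key length does not help is the size of the IV space. The following Python is an added illustration, not code from the article: it quantifies how few secret bits a "64-bit" or "128-bit" WEP key really carries, uses the standard birthday-bound approximation to estimate how many frames a network can send before some 24-bit IV is expected to repeat, and flags IV reuse in a stream of captured frame headers. The BSSID and IV values in the sample are constructed, not real traffic.

```python
"""Added example (not part of the original article): why the 24-bit WEP IV,
not the advertised key length, bounds the security of the scheme."""
import math
from collections import defaultdict

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 distinct IVs, no matter the key length


def effective_secret_bits(advertised_bits):
    """Secret key bits left once the 24-bit IV is subtracted (64 -> 40, 128 -> 104)."""
    return advertised_bits - IV_BITS


def frames_until_collision(probability=0.5, space=IV_SPACE):
    """Number of frames, each with a uniformly random IV, after which the chance
    that some IV has already been reused reaches `probability`.
    Uses the birthday-bound approximation n ~ sqrt(2 * N * ln(1 / (1 - p)))."""
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - probability))))


def find_iv_reuse(frames):
    """frames: iterable of (bssid, iv) tuples in capture order.
    Returns {(bssid, iv): [frame indexes]} for every IV seen more than once
    under the same BSSID. Each hit is a pair of frames encrypted with the same
    RC4 keystream, which is exactly what a defender wants to be alerted about."""
    seen = defaultdict(list)
    for idx, (bssid, iv) in enumerate(frames):
        seen[(bssid, iv)].append(idx)
    return {key: idxs for key, idxs in seen.items() if len(idxs) > 1}


# Constructed sample: a few frame headers from one hypothetical access point.
SAMPLE_FRAMES = [
    ("00:11:22:33:44:55", 0x0000F1),
    ("00:11:22:33:44:55", 0x0000F2),
    ("00:11:22:33:44:55", 0x0000F3),
    ("00:11:22:33:44:55", 0x0000F1),  # IV 0x0000F1 reused
    ("00:11:22:33:44:55", 0x0000F4),
    ("00:11:22:33:44:55", 0x0000F2),  # IV 0x0000F2 reused
    ("00:11:22:33:44:55", 0x0000F1),  # IV 0x0000F1 reused again
]

if __name__ == "__main__":
    print("IV space:", IV_SPACE)
    for bits in (64, 128):
        print(f"{bits}-bit WEP key -> {effective_secret_bits(bits)} secret bits")
    print("50% chance of an IV repeat after", frames_until_collision(), "frames")
    for (bssid, iv), idxs in find_iv_reuse(SAMPLE_FRAMES).items():
        print(f"{bssid} IV {iv:06x} reused in frames {idxs}")
```

The birthday estimate is the point to take away: with only about 16.8 million IVs, a busy access point can expect its first IV repeat after a few thousand frames, and a monitoring tool that tracks (BSSID, IV) pairs the way `find_iv_reuse` does will see the repeats long before a full capture of millions of packets exists.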
Unfortunately, there is...