I need information on WEP

By Original Poster
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

Original Poster

Posted
Posted

WIRED EQUIVALENT PRIVACY (WEP) a wireless security measure

hi, I need to try and find more information on WEP I am doing a project (1 of many ) and i need to learn everything I can about WEP ... in extreme detail .. I need to see how and why it is so easily exploited with detailed explanations (I dont need to know how to hack it...just making that clear)

any help will be great..

once again to be clear (just so admins know) I am not asking how to hack a WEP I am asking about the wifi encryption standard and details on the know exploits .. for example, when a key is being obtained handshakes and arps are exchanged ... why? how? what is then done with the information? etc

Link to comment
https://www.neowin.net/forum/topic/1139420-i-need-information-on-wep/
Share on other sites
Grand Master

n_K

Posted
Posted

Look up the RFCs and IEEE standards on it which will give you all the knowledge you need to know...?

Here's one http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=654749&isnumber=14251&punumber=5258&k2dockey=654749@ieeestds&query=%28802.11+1997%29%3Cin%3Emetadata&pos=0

Grand Master

Original Poster

Posted
  • Author
Posted

Join a college/university that subscribes and you'll get it free.

I will get it from my uni then they should have it

You don't learn (and actually understand) that stuff in "extreme" detail in a short amount of time. It's like saying you want to know physical chemistry but don't want to get bogged down with all those orbital shapes and baryons and stuff. To get a solid understanding is going to take some real work so maybe you want to scale back a bit.

I Know I say in my post I need to know everything ... its more... I need access to everything but I know specifically what I am looking for :p its just to long to google search it and I was just coming here for sources or someone with an expert knowledge... I have read your post and will take your points on .... I am going to start ... there is a couple of issues with wep that I will be directly addressing for a program I am writing ... simple OPN WEP to start with then eventually moving on untill my program has all aspects of WEP security down..

Grand Master

+Warwagon MVC

Posted
  • MVC
Posted

Have a listen. This is from Security Now #89

Even More Badly Broken WEP

Leo and I review the operation of wireless network security and discuss in detail the operation of the latest attack on the increasingly insecure WEP encryption system. This new technique allows any WEP-protected WiFi network's secret cryptographic key to be discovered in less than 60 seconds.

http://www.grc.com/sn/past/2007.htm

http://media.grc.com/sn/sn-089.mp3

Grand Master

Original Poster

Posted
  • Author
Posted

Kinda the opposite of RTFM: the FM tells you how it's supposed to work and how to build an implementation. It doesn't tell you why an implementation is weak (if it did, we'd never have used it). I went for more of a "read the bug reports and patch notes" recommendation.

[/color]

It sounds more like you don't really care about how or why WEP is weak - that's going to be a discussion for math or comp-sci nerds who like to use lots of letters and symbols when they talk about things. You sound like you're more interested in the steps necessary to exploit a vulnerability.

Consider two imaginary descriptions of a weakness in some piece of cryptographic software:

  • Algorithm X has a bias in byte 3 that makes it 1/2^384 % more likely to return 0 than any other a-bit sequence. You can use that to discover 1 bit of key information in time 2^56 with 95% probability. (1.5 assloads of math and stats follow here. Lots of brackets and letters)
  • Capture 300,000 packets, then compute byte 5 + byte 9 xor byte 3 for each packet. Count how many times you get 1, 2,3,4,5,? as a result of that calculation and store the the number of times for each value. If a value occurs twice as often as any other number then there is a 95% chance that bit 4 of that value is bit #7 in the key. if you get { 1= 953, 2=888, 3=1,965, 3=1,001, 4=920? } then there's a good chance that the 7th bit in the key is 0 (because 3 occurs most often, 3dec = 0b0000011, so bit #4 is 0, so bit #7 of the key is probably 0). You can use this new information about the key + new packets + different calculations to determine the value of more bits in the key.

The first answer is what you'll get out of comp-sci text books and papers. It's the "real understanding" of why WEP is weak. You will see bits of the second in research papers but its typically a mathematical description rather than an algorithm. If you're not a huge math nerd it's going to be somewhat difficult to convert that into a useful algorithm. On the plus side, you know why those algorithms work.

If you prefer the second kind of answer then you're probably best off just reading the source code for a tool like aircrack-ng or metasploit. It won't give you an understanding about why the code works, but you will understand how to use it. The second is saying "you can perform a statistical attack" but it hand-waves passed the details about why particular data is used or exactly how it reveals particular bits of key information (why byte 5+9 and not 7+6? why do we get the bit in the key at postion 7 instead of 3? why do we need 300k packets and not 3m or 300?). If you don't really care why it works then reading the source code is the quickest way to enlightenment.

you are half right :p while I am looking as to how its exploited (i am not looking to exploit it with a program like aircrack and aireplay I want to know what these programs do to exploit it) but I feel I should have an understanding of the math as well but not to a massive indepth level to the point that I can write a book my self :p

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • This Dell 27 inch 4K 120Hz IPS monitor is really cheap after a very long time

      By neufuse · Posted

      I have one of these monitors, i picked one up last year for cheap they work pretty well for everyday use and they are pretty clear and color isnt bad
    • This Dell 27 inch 4K 120Hz IPS monitor is really cheap after a very long time

      By neufuse · Posted

      yeah that sentence had my head cringe
    • Microsoft Edge gets tons of security features, including AI model that can see your screen

      By tsupersonic · Posted

      did they not learn anything from the Recall fiasco?
    • Internet Download Manager (IDM) 6.43 Build 2

      By Copernic · Posted

      Internet Download Manager (IDM) 6.43 Build 2 by Razvan Serea Internet Download Manager (IDM) is a tool to increase download speeds by up to 8 times due to its smart dynamic file segmentation technology. Unlike other download managers and accelerators, Internet Download Manager segments downloaded files dynamically during download process, and it reuses available connections without additional connect and login stages to achieve the best possible acceleration performance. Comprehensive error recovery and resume capability will restart broken or interrupted downloads due to lost connections, network problems, computer shutdowns, or unexpected power outages. All popular browsers are supported IDM integrates seamlessly into Google Chrome, FireFox, Microsoft Edge, Opera, Safari, Internet Explorer, Maxthon and all other popular browsers to automatically handle your downloads. You can also drag and drop files, or use Internet Download Manager from command line. The program supports proxy servers, ftp and http protocols, firewalls, redirects, cookies, authorization, MP3 audio and video content processing. IDM includes web site spider and grabber IDM downloads all required files that are specified with filters from web sites, for example all pictures from a web site, or subsets of web sites, or complete web sites for offline browsing. It's possible to schedule multiple grabber projects to run them once at a specified time, stop them at a specified time, or run periodically to synchronize changes. Easy downloading with one click When you click on a download link in a browser, IDM will take over the download and accelerate it. You don't need to do anything special, just browse the Internet as you usually do. IDM will catch your downloads and accelerate them. IDM supports HTTP, FTP, HTTPS and MMS protocols. Changes in Internet Download Manager 6.43 Build 2: Resolved the problem that caused a "403 Forbidden" error when downloading some files Fixed a problem causing IDM download panel not to appear on some websites Fixed a bug that caused a crash when converting some TS files to MP4 Download: Internet Download Manager 6.43 Build 2 | 11.9 MB (Shareware) Links: Internet Download Manager Website | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Windows 11 is getting redesigned taskbar settings in new build

      By Captain_Eric · Posted

      It's in Experimental (26H2). Settings->Windows Update->Windows Insider Program. Then a) select Experimental, b) below that, select "Advanced Options" (where you will see the three options for "Experimental" builds -> select 26H2 (name change from 25H2 is rolling; so might be 25H2)

  • Recent Achievements

    • Dedicated
      Zeynel earned a badge
      Dedicated
    • One Month Later
      JKR earned a badge
      One Month Later
    • Dedicated
      Asgardi earned a badge
      Dedicated
    • Conversation Starter
      jessse3334 earned a badge
      Conversation Starter
    • Reacting Well
      JuvenileDelinquent earned a badge
      Reacting Well

  • Popular Contributors

    1. 1
      +primortal
      495
    2. 2
      +Edouard
      246
    3. 3
      PsYcHoKiLLa
      154
    4. 4
      Steven P.
      86
    5. 5
      macoman
      65
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!