Article: Cracking WiFi security: "How we did it to WEP" - complete with instruction kit


Shawn

May 15, 2007, 11:39:42 AM
to SecAudit
Last month, three researchers, Erik Tews, Andrei Pychkine and
Ralf-Philipp Weinmann, developed an exploit. They showed that they could get
the security code that protects WiFi access points using Wired
Equivalency Privacy in less than two minutes.

The original story gave the basic outline of a faster attack (based on a
cryptanalysis of RC4 by Andreas Klein), that works with ARP packets
and just needs 85,000 packets to crack the key with a 95 per cent
probability. This means getting the key in less than two minutes.

Now Federico Biancuzzi has done an interview with the three
researchers. All three are studying at Darmstadt University of
Technology, Germany. Tews, 24, is a Bachelor student; Pyshkin, 27, and
Weinmann, 29, are PhD students in Professor Johannes Buchmann's
research group.

The story gives just about all the details of how they did it,
including a couple of downloads to give you the necessary software.

What's it prove? Well, that nobody uses WEP except BT broadband? If it
was a genuine security exploit, publishing the details like this would
be a crime... but nobody seems bothered.


Full article here:
http://www.theregister.co.uk/2007/04/04/wireless_code_cracking/

Great tool here:
http://www.aircrack-ng.org/doku.php

Enjoy,
Shawn
