WEP attacks based on IV Collisions

From: Jason Ostrom (jpo@pobox.com)
Date: Wed Apr 28 2004 - 07:10:40 EDT


Hello,

In trying to determine the degree of sophistication it takes to
decipher a WEP key based on IV collisions, I have a pcap dump from the
Kismet sniffer with steadily increasing IV collisions. A couple of
questions.

First, correct me if I am wrong, but it seems like a non-trivial task
to actually determine the WEP key if you have zero knowledge about the
target network, i.e. IP addressing, AND can't readily inject 802.11b
frames into the target network just because you have a usable
keystream? Has anyone found differently?

This paper [1] provides pretty good examples of the attacks. In the
"Passive Attack to Decrypt Traffic" section, if you have a known
keystream with one known plaintext, then it looks like you could
determine the plaintext WEP key after you XOR the ciphertext and run
the results back through RC4 - I don't understand why the paper says
"Once it is possible to recover the entire plaintext for one of the
messages, the plaintext for all other messages with the same IV follows
directly, since all the pairwise XORs are known." But that's just my
confusion - if you have the keystream (IV + secret key run through RC4)
and you have the original plaintext, then why can't you determine the
secret key as well?

Last, what types of traffic or methods are used to determine a
plaintext? I've seen one method mentioned: inject an ARP packet to the
AP encrypted with the known keystream. But this seems to be based on
having information such as IP addressing on the target network, which
isn't known in this case.

[1] "Security of the WEP algorithm"
http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

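The passive attack the post asks about, worked through end to end as an added example. This code was written for this page; it is not from the original post or from the ISAAC paper. It models WEP the way the paper describes it (RC4 keyed with IV || secret key, a CRC-32 ICV appended to the payload, the 3-byte IV sent in the clear), and the key, IVs and frame payloads are constructed sample values. It shows the three things the post is asking about: two frames under one IV leak P1 XOR P2; one known plaintext yields the keystream for that IV, which decrypts every other frame carrying the same IV; and that keystream is enough to forge a frame the AP accepts, without ever learning the key.

```python
import zlib
from typing import Optional, Tuple

# Constructed sample values (not from the post): a 40-bit WEP key, two IVs,
# and three payloads. A real sender picks the IV per frame; IV_A is "reused".
SECRET = bytes.fromhex("1f2e3d4c5b")
IV_A = bytes.fromhex("000001")   # IV shared by two frames (the collision)
IV_B = bytes.fromhex("000002")   # a second IV, never reused
P1 = b"known plaintext, for example a predictable protocol header"
P2 = b"secret payload the attacker wants to read"
P3 = b"another frame, sent under a different IV"


def rc4(key: bytes, length: int) -> bytes:
    """Return `length` bytes of RC4 keystream for `key` (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """WEP integrity check value: CRC-32 of the payload, little-endian."""
    return zlib.crc32(payload).to_bytes(4, "little")


def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """Frame body = IV (3 bytes, clear) || RC4(IV||secret) XOR (payload||ICV)."""
    body = payload + icv(payload)
    return iv + xor(rc4(iv + secret, len(body)), body)


def wep_decrypt(secret: bytes, frame: bytes) -> Optional[bytes]:
    """What the AP does: strip the IV, decrypt, accept only if the ICV matches."""
    iv, body = frame[:3], frame[3:]
    plain = xor(rc4(iv + secret, len(body)), body)
    payload, tag = plain[:-4], plain[-4:]
    return payload if icv(payload) == tag else None


def ciphertext_xor(frame1: bytes, frame2: bytes) -> Optional[bytes]:
    """Passive observer: if two frames share an IV, C1 XOR C2 == P1 XOR P2
    (ICVs included), because the identical keystream cancels out."""
    if frame1[:3] != frame2[:3]:
        return None
    return xor(frame1[3:], frame2[3:])


def recover_keystream(frame: bytes, known_payload: bytes) -> Tuple[bytes, bytes]:
    """One known plaintext gives the keystream for that IV: KS = C XOR (P||ICV).
    KS is RC4 *output* for IV||secret, not the secret; it only helps for this IV."""
    return frame[:3], xor(frame[3:], known_payload + icv(known_payload))


def decrypt_with_keystream(frame: bytes, iv: bytes, keystream: bytes) -> Optional[bytes]:
    """Decrypt any other frame that reuses `iv`, without knowing the key."""
    body = frame[3:]
    if frame[:3] != iv or len(body) > len(keystream):
        return None                           # wrong IV, or keystream too short
    plain = xor(keystream, body)
    payload, tag = plain[:-4], plain[-4:]
    return payload if icv(payload) == tag else None


def forge_frame(iv: bytes, keystream: bytes, payload: bytes) -> bytes:
    """Inject without the key: a chosen payload plus a valid ICV, encrypted
    under the recovered keystream. Bounded by the keystream length we have."""
    body = payload + icv(payload)
    if len(body) > len(keystream):
        raise ValueError("recovered keystream too short for this payload")
    return iv + xor(keystream, body)


if __name__ == "__main__":
    f1, f2 = wep_encrypt(SECRET, IV_A, P1), wep_encrypt(SECRET, IV_A, P2)
    f3 = wep_encrypt(SECRET, IV_B, P3)
    print("C1^C2 == P1^P2:", ciphertext_xor(f1, f2)[:len(P2)] == xor(P1, P2))
    iv, ks = recover_keystream(f1, P1)        # attacker knows P1, never SECRET
    print("decrypted f2  :", decrypt_with_keystream(f2, iv, ks))
    print("other IV      :", decrypt_with_keystream(f3, iv, ks))
    print("forged accept :", wep_decrypt(SECRET, forge_frame(iv, ks, b"FORGED")))
```

Two points the run makes concrete. The value the attacker recovers equals `rc4(IV_A + SECRET, n)`, i.e. the RC4 output for that IV, and nothing in the code (or in RC4) turns that output back into SECRET; it is useless against the frame sent under IV_B. And because the ICV is an unkeyed CRC-32, anyone holding the keystream can compute a valid ICV for a payload of their choosing, which is the basis of the "inject an encrypted frame" idea the post mentions; for the known plaintext itself, the first bytes of a data frame's payload (the LLC/SNAP header) are predictable on any network, whatever its IP addressing.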
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:53 EDT