RE: Wireless wep crackin on windows

From: pen-test@nym.hush.com
Date: Fri May 21 2004 - 11:42:59 EDT


>I would love to be enlightened but
>I fail to see how this is 'full access' given that it only provides the
>PRN sequence of a single IV/Key pair. Since APs use different IVs for
>each packet transmitted, how is it possible to use their PRN discovery
>technique to gain access to packets encrypted with all other IVs?
You know the IV, algorithm and the plaintext and you have the corresponding
ciphertext. Additionally RC4 is a stream (XOR) cipher and CRC is used
for integrity checking.

>give you full access to a WEP encrypted wireless LAN
>without knowledge of the secret key
It is deriving the WEP key.

I don't see the need for another app to derive WEP keys, especially using
this method. For how much ARP and DHCP traffic are you willing to wait?
Any other way, and it becomes an active attack (such as sending e-mail
with a link to a video).

Airsnort only needs WEP encrypted packets, no matter the size and regardless
of type (known plaintext or not).
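
An added illustration, not part of the original message or of any tool named in the thread: a simplified WEP-style model (RC4 keyed with IV || secret, CRC-32 appended before encryption) showing what XORing known plaintext with its ciphertext yields, and for which IV the result is usable. The key, IVs and frame contents are constructed sample values, and the frame layout is a simplification.

```python
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for `key`."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def with_icv(payload: bytes) -> bytes:
    """Append the CRC-32 integrity check value before encryption."""
    return payload + zlib.crc32(payload).to_bytes(4, "little")

def icv_ok(data: bytes) -> bool:
    """True if the last four bytes are the CRC-32 of the rest."""
    return len(data) > 4 and with_icv(data[:-4]) == data

def wep_encrypt(iv: bytes, secret: bytes, payload: bytes) -> bytes:
    """Per-packet RC4 key is IV || secret; the IV travels in the clear."""
    data = with_icv(payload)
    return xor(data, rc4(iv + secret, len(data)))

def demo():
    secret = b"\x01\x02\x03\x04\x05"               # constructed 40-bit key
    iv_a, iv_b = b"\x00\x00\x01", b"\x00\x00\x02"  # constructed IVs
    known = b"constructed known-plaintext frame"   # constructed sample frame
    other = b"second frame, unknown to reader"     # constructed sample frame
    # Known plaintext XOR ciphertext = keystream for iv_a, not the secret.
    ks = xor(with_icv(known), wep_encrypt(iv_a, secret, known))
    same_iv = xor(wep_encrypt(iv_a, secret, other), ks)
    diff_iv = xor(wep_encrypt(iv_b, secret, other), ks)
    return ks == rc4(iv_a + secret, len(ks)), icv_ok(same_iv), icv_ok(diff_iv)

if __name__ == "__main__":
    print(demo())
```

The three results are: the recovered bytes equal the RC4 keystream for that IV, a second frame under the same IV decrypts with a valid CRC, and a frame under a different IV does not.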


