Re: Cracking WEP and WPA keys

From: David M. Zendzian (dmz@dmzs.com)
Date: Wed Dec 14 2005 - 14:39:02 EST


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

If I remember right, and this might be one to take to the wifi list, but
the key is used to secure a key exchange, so you'd need to have the key
to establish the trust.

google wpa key exchange to find more

dmz

pagvac wrote:

>Would the following attack be feasible for obtaining a WEP key?
>
>Set up an AP with VERY strong signal and same SSID as the one used by
>the target network. After that, the client should be able to attempt
>to connect to your AP (you send stronger signal than the legitimate
>one) and send you the WEP which you could sniff from the AP itself.
>
>After that you're done and the key is yours.
>
>Am I talking non-sense here? Wouldn't the WEP key be sent to the AP in
>the *clear* at the beginning of the handshake? Otherwise how can the
>AP check whether or not the client is using the right key?
>
>I've never tested this and my assumptions might be based on incomplete
>and inaccurate knowledge about how wi-fi technologies.
>
>------------------------------------------------------------------------------
>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on your
>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>futile against web application hacking. Check your website for vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before hackers do!
>Download Trial at:
>
>http://www.securityfocus.com/sponsor/pen-test_050831
>-------------------------------------------------------------------------------
>
>
>
>
>
>
>
>

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQ6B02pcwFRNrWbm9EQJN9wCgnmg9BXw8F7eMSa22tm6a3ZSp7ykAoMoo
ivHKl747dy3qC9gHKhBptVe9
=vaXH
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:16 EDT