There are some tools that will work to try to find a WEP key, but they require a lot of data and time. They exploit known vulnerabilities in the WEP algorithm to find the keys. However, it could take as much as 500 meg of data. I don't have the links handy. Sorry.

As far as brute forcing: OK idea, but not very doable. To iterate through all combinations would be 2^128 possibilities, which gets you to about 3.4028236692093846346337460743177e+38 possible combinations. If you assumed you could do 1 per second - which would be tough if you wait for DHCP to respond - it would take you 10790283070806014188970529154990 years to get through all the combinations. That's a long time. :) If somebody could check my math that would be great.

Hello,


Slight mistake here: the first 24 bits of the key are random (sometimes incremental, but most vendors have fixed this by now), but transmitted inside the packet (this is called the Initialisation Vector - IV), whereas the last 40 / 104 bits are derived from one of the WEP keys (since the system might use up to 4 WEP keys).

2^40 = 1099511627776
2^104 = 20282409603651670423947251286016

Since RC4 is a fast algorithm, my P4 1.7GHz processor can check around 25,000 k/s, so I guess you can walk through a 40-bit keyspace in a couple of weeks if you have a cluster of 20 to 30 P4 2.5GHz computers.

There is also a trick that can save you time: some vendors derive the WEP key directly from the ASCII passphrase - that is why you sometimes have to give 5-character or 13-character only passphrases. In this case you only have to check the ASCII printable character range. I successfully managed to crack a 64-bit WEP key using a *single* packet within hours using this trick. However, I never tried on 128-bit WEP keys.

Regards,
- Nicolas RUFF
-----------------------------------
Security Consultant
EdelWeb (http://www.edelweb.fr/)
Mail : [EMAIL PROTECTED]
-----------------------------------
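
The keyspace figures from both messages, as an added example that is not part of either post: it compares the full 40/104-bit secret with a secret taken directly from a 5- or 13-character printable-ASCII passphrase, and reports the effective strength of a configured key. Assumptions: "25,000 k/s" is read as 25,000 keys per second per machine, the cluster is 25 such machines with no clock-speed scaling, the function names are hypothetical, and the two sample keys are constructed.

```python
import math

PRINTABLE = range(0x20, 0x7F)   # the 95 printable ASCII byte values
RATE = 25_000                   # keys/s per machine (assumed reading of "25,000 k/s")
SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365 * SECONDS_PER_DAY


def keyspace(secret_bytes, ascii_only=False):
    """Number of candidate secrets of this length (the 24-bit IV is excluded,
    since it travels in clear inside each packet)."""
    return (len(PRINTABLE) if ascii_only else 256) ** secret_bytes


def search_seconds(space, rate=RATE, machines=1):
    """Worst-case time in seconds to walk the whole space."""
    return space / (rate * machines)


def classify_key(key_hex):
    """Return (effective_bits, ascii_derived) for a configured WEP secret."""
    key = bytes.fromhex(key_hex)
    if len(key) not in (5, 13):
        raise ValueError("WEP secret must be 5 or 13 bytes (40 or 104 bits)")
    ascii_derived = all(b in PRINTABLE for b in key)
    return math.log2(keyspace(len(key), ascii_derived)), ascii_derived


if __name__ == "__main__":
    # First message's estimate: 2^128 candidates at one try per second.
    years = search_seconds(2**128, rate=1) / SECONDS_PER_YEAR
    print(f"2^128 at 1 key/s: {years:.4e} years")

    # Reply's correction: only the 40- or 104-bit secret has to be searched.
    for nbytes in (5, 13):
        for ascii_only in (False, True):
            space = keyspace(nbytes, ascii_only)
            days = search_seconds(space, machines=25) / SECONDS_PER_DAY
            label = "printable ASCII" if ascii_only else "any byte"
            print(f"{nbytes * 8:>3}-bit secret, {label:<15}: "
                  f"{space:.3e} keys, {days:.3e} days on 25 machines")

    # Constructed sample keys: "Hello" as raw ASCII, and a non-ASCII hex key.
    for sample in ("48656c6c6f", "a1b2c3d4e5"):
        bits, ascii_derived = classify_key(sample)
        print(f"{sample}: ~{bits:.1f} effective bits, ASCII-derived={ascii_derived}")
```
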