Date: Tue, 26 Feb 2002 13:05:16 -0800
From: h1kari <h1kari@dachb0den.com>
To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com>,
Subject: Practical Exploitation of RC4 Weaknesses in WEP Environments
Practical Exploitation of RC4 Weaknesses in WEP Environments
This document will give a brief background on 802.11b based WEP weaknesses
and outline a few additional flaws in rc4 that stem off of the concepts
outlined in "Weaknesses in the Key Scheduling Algorithm of RC4" (FMS) and
"Using the Fluhrer, Mantin, and Shamir Attack to Break WEP" (SIR) and
describes specific methods that will allow you to optimize key recovery.
This document is provided as a conceptual supplement to dweputils, a wep
auditing toolset, which is part of the bsd-airtools package provided by
Dachb0den Labs. The basic goal of the article is to provide technical
details on how to effectively implement the FMS attack so that it works
efficiently with both a small amount of iv collection time as well as
cracking and processing time and to provide details on how other pseudo
random generation algorithm (prga) output bytes reveal key information.
http://www.dachb0den.com/projects/bsd-airtools/wepexp.txt
I'd also like to announce that I've just released bsd-airtools v0.2 which
implements this outlined form of attack and allows you to crack weak keys
with quite fewer collected packets than any wep cracking applications that
are currently available.
http://www.dachb0den.com/projects/bsd-airtools.html
Cheers,
-h1kari