Network encryption cracking: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 16:06, 7 February 2011 edit Mild Bill Hiccup (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 175,657 edits →Injecting traffic: spelling ← Previous edit		Latest revision as of 22:14, 24 September 2024 edit undo Kvng (talk \| contribs) Extended confirmed users, New page reviewers 116,060 edits destub
(15 intermediate revisions by 11 users not shown)
Line 1: {{Short description\|Method for breaching computer network security}} ~~{{Cleanup\|date=October 2008}}~~ {{~~Refimprove~~More citations needed\|date=October 2008}} {{essay\|date=August 2018}} '''Network encryption cracking''' is the breaching of network encryptions (e.g., WEP, WPA, ...), usually through the use of a special [[Wireless security\|encryption cracking software]]. It may be done through a range of attacks (active and passive) including injecting traffic, decrypting traffic, and [[Dictionary attack\|dictionary-based attacks]]. Line 9 ⟶ 10: * Injecting traffic based on known plaintext (active attack) * Gathering traffic and performing brute force/dictionary based attacks * Decrypting traffic using statistical analysis (passive attack) ===Injecting traffic=== Injecting traffic means inserting forged encrypted messages into the network. It may be done if either the key is known (to generate new messages), or if the key is not known and only an encrypted message and plaintext message is gathered, through comparison of the two. Programs able to do the latter are [[Aireplay]] and [[WepWedgie]]. ===Decrypting=== Decryption often requires 2 tools; 1 for gathering packets and another for analysing the packet and determining the key. Gathering packets may be done through tools such as [[WireShark]], [[or Prismdump]] and cracking may be done through tools such as [[WEPCrack]], [[AirSnort]], [[AirCrack]], and [[WEPLab]]. When gathering packets, often a great amount of them are required to perform cracking. Depending on the attack used, 5-16 million frames may be required. The attack command itself, however, is surprisingly simple. Line 22 ⟶ 23: Commands to be inputted into WEPCrack are: <syntaxhighlight lang="console"> $ perl \progra~1\wepcrack\pcap-getIV.pl </syntaxhighlight> This command generates a log-file (ivfile.log) from a captured packet obtained by WireShark or prismdump A packet with at least 5 million frames is required. <syntaxhighlight lang="console"> $ perl \progra~1\wepcrack\wepcrack\.pl ivfile.log </syntaxhighlight> This command asks WEPCrack to determine the key from the log file.<ref>{{Cite book \|last1=Beaver \|first1=Kevin \|title=Hacking Wireless Networks ~~for~~For Dummies \|last2=Davis \|first2=Peter \|publisher=[[For Dummies]] \|year=2005 \|isbn=978-0764597305 \|edition=1st}}</ref> ====AirCrack==== Line 36 ⟶ 41: ====AirSnort==== AirSnort is a software program that passively collects traffic on an [[IEEE 802.11b]] network that was released in August 2001.<ref>{{Cite magazine \|last=Delio \|first=Michelle \|title=Wireless Networks in Big Trouble \|language=en-US \|magazine=[[Wired (magazine)\|Wired]] \|url=https://www.wired.com/2001/08/wireless-networks-in-big-trouble/ \|access-date=2023-01-16 \|issn=1059-1028}}</ref> After enough packets have been collected, the program can then compute the key for the wireless network. As the software makes use of brute-force attack however, cracking the encryption can take between a few hours to several days, based on the activity on the network.<ref>{{Cite web \|title=AirSnort pokes holes in AirPort network security \|url=https://www.macworld.com/article/162585/airsnort.html \|access-date=2023-01-16 \|website=Macworld \|language=en}}</ref> AirSnort is an even simpler program, as it is completely interface-based. As the attack is only a simple brute-force attack however, cracking the encryption can take a while (from several days to a few weeks). Especially if traffic is low (only 4 users or so on network, the cracking will take at least 2 weeks). ~~==Comparison of tools==~~ A comparison of the tools noted above may be found at [http://www.securityfocus.com/infocus/1814 Security Focus].▼ ==References== {{reflist}} ==External links== ▲* A comparison of the tools ~~noted~~listed above may be found at [https://web.archive.org/web/20060408114100/http://www.securityfocus.com/infocus/1814 Security Focus]. [[Category:Computer network security]]