NetworkManager (was: Are these official fc4 iso's?)
Gregory Maxwell
gmaxwell at gmail.com
Mon Jun 13 04:00:28 UTC 2005
On 6/12/05, Michal Jaegermann <michal at harddata.com> wrote:
> It does not help you very much with that. I was talking about
> retrieving keys from ethernet packets _sniffed_ over a radio so how
> they are stored is hardly relevant. AFAIK you need big samples for
> those key breaking programs but the point is that with WEP you can
> collect long enough and a target has no way to check that this is
> happening.

Eh, it's even worse than that: the attacker can grab a packet, make a
guess at the addresses in use and flip some bits until he turns it
into a broadcast packet.... then the access point will retransmit it
with a new IV every time the attacker replays the packet on the
wire... This means that an attacker can generate the 100k packets
needed for a solid statistical attack on the key in a couple of
minutes tops.

I've even toyed with the idea of making a modified network manager to
auto-crack WEP protected networks... but the traffic generated by
performing a replay attack is somewhat disruptive. :)
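
The replay traffic described in the message above is visible to a wireless monitor: one access point relays the same-size broadcast frame under a fresh IV at a very high rate. The following detection sketch is an added example, not part of the original message; the frame tuple layout, thresholds and MAC addresses are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def find_replay_bursts(frames, window=1.0, min_distinct_ivs=50):
    """frames: (timestamp_s, transmitter, destination, length, iv_hex) per WEP data frame.
    Flags a transmitter that sends one broadcast frame size under many different
    IVs within `window` seconds, i.e. the same packet being re-encrypted and relayed."""
    groups = defaultdict(list)
    for ts, transmitter, dst, length, iv in frames:
        if dst == BROADCAST:
            groups[(transmitter, length)].append((ts, iv))
    alerts = []
    for (transmitter, length), seen in groups.items():
        seen.sort()
        start, best_count, best_start = 0, 0, None
        for end in range(len(seen)):
            # Slide the window start forward until it spans at most `window` seconds.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            distinct = len({iv for _, iv in seen[start:end + 1]})
            if distinct > best_count:
                best_count, best_start = distinct, seen[start][0]
        if best_count >= min_distinct_ivs:
            alerts.append({"transmitter": transmitter, "length": length,
                           "start": best_start, "distinct_ivs": best_count})
    return alerts

def constructed_capture():
    """Constructed sample metadata, not a real capture; addresses are made up."""
    ap, client = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
    # Occasional ordinary broadcasts, seconds apart.
    frames = [(t, ap, BROADCAST, 68, f"{n:06x}")
              for n, t in enumerate((1.0, 4.0, 7.0))]
    # Busy unicast download: high rate, but not broadcast, so it is ignored.
    frames += [(2.0 + i * 0.001, ap, client, 1500, f"{0x1000 + i:06x}")
               for i in range(300)]
    # Relayed replay burst: same size, new IV each time, about 500 frames/s.
    frames += [(10.0 + i * 0.002, ap, BROADCAST, 68, f"{0x2000 + i:06x}")
               for i in range(200)]
    return frames

if __name__ == "__main__":
    for alert in find_replay_bursts(constructed_capture()):
        print(alert)
```
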