WEP - A no longer safe algorithm for Ad-Hoc (Wi-Fi)

>Wired Equivalent Privacy (WEP) is a weak security algorithm for IEEE 802.11 wireless networks. Introduced as part of the original 802.11 standard ratified in September 1999, its intention was to provide data confidentiality comparable to that of a traditional wired network.
>WEP, recognizable by its key of 10 or 26 hexadecimal digits, is widely in use and is often the first security choice presented to users by router configuration tools.

> WEP was included as the privacy component of the original IEEE 802.11 standard ratified in September 1999. WEP uses the stream cipher RC4 for confidentiality and the CRC-32 checksum for integrity. It was deprecated in 2004 and is documented in the current standard.

>Standard 64-bit WEP uses a 40-bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 key. At the time the original WEP standard was drafted, the U.S. Government's export restrictions on cryptographic technology limited the key size.
>Once the restrictions were lifted, manufacturers of access points implemented an extended 128-bit WEP protocol using a 104-bit key size (WEP-104).

>A 256-bit WEP system is available from some vendors. As with the other WEP variants, 24 bits of that are used for the IV, leaving 232 bits for actual protection. These 232 bits are typically entered as 58 hexadecimal characters.
(58 × 4 bits = 232 bits) + 24 IV bits = 256-bit WEP key.

> Key size is one of the security limitations in WEP. Cracking a longer key requires interception of more packets, but there are active attacks that stimulate the necessary traffic. There are other weaknesses in WEP, including the possibility of IV collisions and altered packets, that are not helped by using a longer key.

>Since RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related-key attack. For a 24-bit IV, there is a 50% probability that the same IV will repeat after 5000 packets.
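The 50% figure above is the birthday bound. As an added illustration (not part of the original post), this Python script computes the exact probability that at least one IV repeats among n randomly chosen 24-bit IVs, and the packet count at which that probability first reaches a given level; the function names are my own.

```python
import math

IV_BITS = 24                 # WEP IV length fixed by the 802.11-1999 design
IV_SPACE = 1 << IV_BITS      # 16,777,216 distinct IV values


def collision_probability(packets: int, space: int = IV_SPACE) -> float:
    """Exact birthday-problem probability that at least two of `packets`
    independently, uniformly chosen IVs from `space` values coincide.
    The product of (1 - i/space) is accumulated in log space so that it
    does not underflow for large packet counts."""
    if packets > space:          # pigeonhole: a repeat is certain
        return 1.0
    log_no_collision = 0.0
    for i in range(packets):
        log_no_collision += math.log1p(-i / space)
    return 1.0 - math.exp(log_no_collision)


def packets_for_probability(target: float, space: int = IV_SPACE) -> int:
    """Smallest number of packets at which the IV-collision probability
    first reaches `target` (0 < target < 1), found by accumulating the
    same product one packet at a time."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    log_no_collision = 0.0
    n = 0
    while True:
        # At this point log_no_collision covers packets 0 .. n-1.
        if 1.0 - math.exp(log_no_collision) >= target:
            return n
        if n >= space:           # space + 1 packets always collide
            return space + 1
        log_no_collision += math.log1p(-n / space)
        n += 1


if __name__ == "__main__":
    # Compare the 24-bit WEP IV with the classic 365-day birthday problem.
    for label, space in (("24-bit WEP IV", IV_SPACE), ("365 birthdays", 365)):
        n50 = packets_for_probability(0.5, space)
        print(f"{label}: 50% collision chance after {n50} samples")
    p5000 = collision_probability(5000)
    print(f"24-bit IV, 5000 packets: P(repeat) = {p5000:.3f}")
```

Note that this models IVs as chosen uniformly at random; drivers that simply count the IV upward repeat deterministically after 2^24 packets, and those that reset the counter on every reboot repeat far sooner.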

> How this is done

The following procedure is given strictly as a proof of concept and may not be used for any illegitimate purpose.
Step 0: Preparing resources: first of all we need any flavor of Linux (we are using BackTrack since it has the required software built in).
After installing it (or maybe just starting a live session) we need the following software:
airmon-ng, airodump-ng, aireplay-ng and aircrack-ng. All of them can be found in the respective repositories. Do I need to tell you that you need root privileges for this? :p
Step 1: Checking interfaces and scanning the Wi-Fi networks around.
Step 2: Dumping data packets: airodump-ng <interface name, like wlan0>

# airodump-ng -c (channel) -w (file name) --bssid (bssid) (interface)
Step 3: aireplay-ng - trying an authentication request in a different console.
Step 4: Cracking the network key with aircrack-ng once the authentication succeeds.
And you are done; you have the ASCII key.
>This shows that the RC4 algorithm, and therefore WEP (which is built on it), should not be used for Ad-Hoc connections.
>So next time you create an Ad-Hoc connection or hotspot, make sure you are not using WEP or open (no) security. Use of WPA/WPA2 is highly recommended.
(Please note that the information here is deliberately not given in full, in order to avoid any kind of misuse. The author is not responsible for any misuse caused by reading this document.)
