[kismac] Wordlists, 104-bit Keys and other questions
- From: Darren Barnes <dazzyb@xxxxxxxxxxx>
- To: kismac@xxxxxxxxxxxxx
- Date: Sat, 28 Feb 2004 10:37:46 -0800
So now I know that getting 0 weak keys is perfectly normal, I have
another couple of questions. Basically I am trying to prove to my
neighbor that WEP is insecure - however I haven't been able to crack
his network so I am not really proving my point very well and he is
getting smugger by the day!
So anyway here are a few questions I have:
1. I understand that the wordlist attacks are a powerful and fast way
to get the key but one must have a good wordlist to start with. Where
are you getting your wordlists? I did see that there is a 500MB
password specific one available on a CD from the openwall collection -
but you have to pay for it. If I am going to pay money to educate my
neighbor I am going to make sure I get the best wordlist out there -
just in case. Any recommendations?
2. When a wordlist attack fails, the message that comes up says:
The key could not have been recovered. Possible reasons are: 1. The
key was not a 40-bit key. 2. The crypto algorithm is not WEP. 3.
Advanced Features like LEAP are activated.
This seems to be a generic message whenever ANY crack attempt fails BUT
I want to check that the message "The key was not a 40-bit key" is not
valid when using wordlist attacks i.e. wordlist attacks can crack
40-bit or 104-bit depending on which option you choose. Am I wrong? If
so, how does one crack a 104-bit WEP network since you cannot
bruteforce it and it's not giving me any weak keys.
3. Does the wordlist attack do anything special with the words or does
it try an exact match only? I.e. if the wordlist has just the word Eric
would it try any of the following:
Eric, eric, ERIC, eRic, eRIC, etc.
Then there's number replacement options too, i.e.: 3ric, 3RIC, 3r1c.
I am assuming based on the speed with which the wordlist attack goes
through words that it is just trying an exact match so if you want all
the options above, you have to ensure they are in the file. If I am
wrong, I congratulate you on writing very very fast code.
4. Since I know that his network doesn't generate weak keys, I just
want to check that Packet Reinjection is of no use to me since a
greater number of data packets doesn't help once you have enough to run
the wordlist attacks.
5. Anyone with a G5 able to comment on how long the Bruteforce - all
chars crack takes?