[kismac] Re: Wordlists, 104-bit Keys and other questions

  • From: mybadluck22 <mybadluck22@xxxxxxxxx>
  • To: kismac@xxxxxxxxxxxxx
  • Date: Sat, 28 Feb 2004 15:44:09 -0800 (PST)

Hey there

well in my experience, it gives the 40 bit error when 
 i try a 104 bit attack (i was testing on my home
network with the wordlists) anywho, depending on what
brand the base is, you can try diff attacks. apple,
for instance, is suceptable to the apple 104 and 40
bit attacks (duh) and linksys and a few otheres are
suceptable to the 21 bit attack. one thing though, i
never understood what the md5 attacks weree for, can
anyone help me out there?

i heard that the all chars attacks can take days
though, but i dunno on a g5. 

if he's using 104 bit encryption, he will be pretty
safe, i think. also about the wordlists, i saw that
too. i have a 40 or so mb one that i got for free, and
a 30 mb one that i got for free (presumably different
words...) and no they dont mess with capitals as they
are different hex values... anyway hope this helps.

--- Darren Barnes <dazzyb@xxxxxxxxxxx> wrote:
> Hi again,
> So now I know that getting 0 weak keys is perfectly
> normal I have 
> another couple of questions. Basically I am trying
> to prove to my 
> Neighbor that WEP is insecure - however I haven't
> been able to crack 
> his network so I am not really proving my point very
> well and he is 
> getting smugger by the day!
> So anyway here are a few questions I have:
> 1. I understand that the wordlist attacks are a
> powerful and fast way 
> to get the key but one must have a good wordlist to
> start with. Where 
> are you getting your wordlists? I did see that there
> is a 500MB 
> password specific one available on a CD from the
> openwall collection - 
> but you have to pay for it. If I am going to pay
> money to educate my 
> neighbor I am going to make sure I get the best
> wordlist out there - 
> just incase. Any recommendations?
> 2. When a wordlist attack fails, the message that
> comes up says:
> > The key could not have been recovered. Possible
> reasons are: 1. The 
> > key was not a 40-bit key. 2. The crypto algorithm
> is not WEP. 3. 
> > Advanced Features like LEAP are activated.
> This seems to be a generic message whenever ANY
> crack attempt fails BUT 
> I want to check that the message "The key was not a
> 40-bit key" is not 
> valid when using wordlist attacks i.e. wordlist
> attacks can crack 
> 40-bit or 104-bit depending on which option you
> choose. Am I wrong? If 
> so, how does one crack a 104-bit WEP network since
> you cannot 
> bruteforce it and it's not giving me any weak keys.
> 3. Does the wordlist attack do anything special with
> the words or does 
> it try an exact match only? I.e. if the wordlist has
> just the word Eric 
> would it try any of the following:
> Eric, eric, ERIC, eRic, eRIC, etc.
> then theres number replacement options too i.e.:
> 3ric. 3RIC, 3r1c, 
> 3R1C, etc.
> I am assuming based on the speed with which the
> wordlist attack goes 
> through words that it is just trying an exact match
> so if you want all 
> the options above, you have to ensure they are in
> the file. If I am 
> wrong, I congratulate you on writing very very fast
> code.
> 4. Since I know that his network doesn't generate
> weak keys, I just 
> want to check that Packet Reinjection is of no use
> to me since a 
> greater number of data packets doesn't help once you
> have enough to run 
> the wordlist attacks.
> 5. Anyone with a G5 able to comment on how long the
> Bruteforce - all 
> chars crack takes?
> Thanks all.
> -Darren

aim: mybadluck22
msn: mybadluck22@xxxxxxxxx

Do you Yahoo!?
Get better spam protection with Yahoo! Mail.

Other related posts: