O'Reilly logo

Cisco Wireless LAN Security by Andrew Balinsky, Darrin Miller, Krishna Sankar, Sri Sundaralingam

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

WEP Key Recovery Attacks

One of the juiciest targets for an attacker targeting a WEP-protected WLAN is recovering the WEP key. Because of vulnerabilities in the WEP protocol and some implementation mistakes, several attacks have been developed that compromise WEP keys. The most serious of these is the Fluhrer-Mantin-Shamir (FMS) attack, which allows a passive sniffer to recover WEP keys with as little as nine minutes of sniffing.

Dictionary-Based Key Attacks

So-called strong WEP keys are 104 bits, or 26 hexadecimal digits, which is a chore to type. Dynamic key distribution methods, such as those included in the Lightweight Extensible Authentication Protocol (LEAP) or the Protected Extensible Authentication Protocol (PEAP), overcome this chore. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required