Le vendredi 17 février 2006 à 09:40 -0600, Larry Finger a écrit : > Thank you very much for the tutorial on WEP cracking. I knew that it > was not secure, but didn't realize the ease at which it could be > cracked. For Windows users, this should be pretty scary!
You're welcome :) > One question still remains: How will injection help Andrea test > network security? If it is WEP, it is by definition insecure, and if > it is WPA, injection doesn't help. Yes it is indeed. Just remember management traffic is still sent unprotected. Now you want to crack WPA PSK. To achieve this, you need to sniff one authentication so you can attack it with your dictionnary or bruteforcer. How do you get this authentication ? You inject disassociations over the network so every client has to re-authenticate and you get your material. Now, you have the PSK, and you want to use it to actually decrypt traffic. But if you want to spy a specific client, you need to see him authenticate so you can have all the elements necessary for you to calculate its session TEK, then initiate TKIP generation so you can have every per packet key and then decrypt everything. So you need the authentication. And how do you get ? Disassociation frames injection and you're on traffic injection again... :) -- http://sid.rstack.org/ PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE >> Hi! I'm your friendly neighbourhood signature virus. >> Copy me to your signature file and help me spread! _______________________________________________ Bcm43xx-dev mailing list [email protected] http://lists.berlios.de/mailman/listinfo/bcm43xx-dev
