checksum. This can be facilitated by making assumptions about the range of possible
values for a WEP key (users will often use ASCII characters).
Another whitepaper, written by David Hulton, “Practical Exploitation of RC4
Weaknesses in WEP environments” [7], describes a number of alternate approaches
for expanding the FMS concepts, including additional methods of finding weak IVs
for secret key bytes beyond the first. Hulton claims it would be best to devise an
algorithm that can determine whether or not a particular IV can be considered weak.
His algorithm (implemented in a utility called dwepcrack) is shown in Fig. 4:
Using this algorithm, the search time for a weak IV is roughly 1/20 of the time it
would take using the unmodified FMS algorithm. Notice that the bolded line of code
(x == B + 3 && y == N - 1) tests whether the first byte of the IV corresponds to the
byte of the secret key that is currently being determined (its index B plus 3) and
whether the second byte of the IV is 255.
Hulton includes a number of other tests to determine weak IVs, resulting in a shorter
cracking time and an overall smaller number of packets that need to be captured.
x = iv[0];
y = iv[1];
z = iv[2];
a = (x + y) % N;
b = AMOD((x + y) - z, N);
for(B = 0; B < WEP_KEY_SIZE; B++)
{
    /*
     * test to see if this key would apply to any of the bytes that
     * we're trying to crack.
     */
    if((((0 <= a && a < B) ||
         (a == B && b == (B + 1) * 2)) &&
        (B % 2 ? a != (B + 1) / 2 : 1)) ||
       (a == B + 1 && (B == 0 ? b == (B + 1) * 2 : 1)) ||
       (x == B + 3 && y == N - 1) ||
       (B != 0 && !(B % 2) ? (x == 1 && y == (B / 2) + 1) ||
                             (x == (B / 2) + 2 && y == (N - 1) - x) : 0))
    {
        // It is a Weak IV
    }
}
Fig. 4. Dwepcrack's algorithm for determining weak IVs.
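The test from Fig. 4 wrapped as a callable function and run over four constructed IVs, as an added example (not dwepcrack's own source). N = 256, WEP_KEY_SIZE = 13 and the non-negative AMOD macro are assumptions, since the figure does not define them, and the function names are hypothetical; the second sample IV is only flagged when the modulo never goes negative.

```c
#include <stdio.h>
#define N 256            /* assumption: RC4 state size */
#define WEP_KEY_SIZE 13  /* assumption: 104-bit WEP key */
/* Assumption: AMOD is a modulo that never goes negative, unlike C's %. */
#define AMOD(v, n) ((((v) % (n)) + (n)) % (n))

/* The Fig. 4 test for one key-byte index B: 1 if the IV is weak for B. */
int iv_weak_for(const unsigned char iv[3], int B)
{
    int x = iv[0], y = iv[1], z = iv[2];
    int a = (x + y) % N;
    int b = AMOD((x + y) - z, N);
    return ((((0 <= a && a < B) ||
              (a == B && b == (B + 1) * 2)) &&
             (B % 2 ? a != (B + 1) / 2 : 1)) ||
            (a == B + 1 && (B == 0 ? b == (B + 1) * 2 : 1)) ||
            (x == B + 3 && y == N - 1) ||
            ((B != 0 && !(B % 2)) ? (x == 1 && y == (B / 2) + 1) ||
                                    (x == (B / 2) + 2 && y == (N - 1) - x) : 0));
}

/* Lowest key-byte index the IV is weak for, or -1 if it is not weak. */
int first_weak_byte(const unsigned char iv[3])
{
    for (int B = 0; B < WEP_KEY_SIZE; B++)
        if (iv_weak_for(iv, B)) return B;
    return -1;
}

/* Number of IVs in a list that are flagged weak for at least one key byte. */
size_t count_weak(const unsigned char ivs[][3], size_t n)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (first_weak_byte(ivs[i]) >= 0) hits++;
    return hits;
}

/* Constructed sample IVs, not taken from any capture. */
const unsigned char SAMPLE_IVS[4][3] = {
    {3, 255, 7}, {0, 1, 255}, {5, 255, 100}, {200, 10, 5} };

int main(void)
{
    for (size_t i = 0; i < 4; i++)
        printf("IV %d -> %d\n", (int)i, first_weak_byte(SAMPLE_IVS[i]));
    printf("weak: %zu of 4\n", count_weak(SAMPLE_IVS, 4));
    return 0;
}
```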