For a long time, WEP was considered to be an extremely good method of encrypting wireless connections. The acronym simply means Wired Equivalent Privacy. Originally it was only available in 64-bit configuration, but soon after 128-bit and even 256-bit encryption became available. Entering a 64-bit WEP Wi-Fi key was as simple as choosing a ten character hexadecimal number. Each character represented 4 bits, making 40 bits in total, and then 24 bits were added to complete the 64-bit key. WEP however, was proved to have many flaws mainly involving the short key size, which were relatively easy to crack. WEP also does not provide for security against altered packets – a process where packets of information is intercepted by an intruder and then altered before sending them back, making it look like the intruder is valid user.

These days, WPA (Wi-Fi Protected Access) and WPA2 have completely taken over from the old WEP encryption methods. You’ll probably still find WEP available on most routers, but it’s being phased out and someday it probably won’t be available at all. The main advantage WPA has over WEP is that it employs a powerful new feature called TKIP, or rather Temporal Key Integrity Protocol. TKIP is 128-bit, but instead of the key being static, it generates a new key for every packet of information that is sent, meaning it is a lot more secure. WPA also integrates a method of message integrity checks, used to defeat network attackers intercepting and altering data packets. WPA2 goes even further and replaces TKIP with CCMP. CCMP is an AES based encryption method that is much stronger even than TKIP.

In the home, you’ll probably want to use an encryption method called WPA-Personal. This is sometimes also called WPA-PSK. PSK stands for Pre-Shared Key, and is designed for home users and small offices where a server is not required for authenticating messages. It works by having each wireless device such as a laptop or smart phone authenticating directly with the wireless access point using the same key. Offices and large buildings may employ WPA-Enterprise. You can’t generally use this without a complicated authentication server set-up, but it does provide additional security.

Both WPA-SPK and WPA-Enterprise are available in WPA2, meaning even home users can now benefit from AES encryption over their Wi-Fi connections. All of these methods can transmit data at maximum speed, and you won’t notice any speed differences between each type of encryption. Therefore the recommendation is to use the best encryption you can. This means going for WPA2-PSK where you can in a home environment. There are new and more exotic types of Wi-Fi encryption becoming available, but for now even advanced users will find WPA2 more than adequate for most security applications.

If you are using wireless connections, you may want to check your router to make sure that it does not use encryption that can easily be cracked by users with the right toolset.

The tutorials tries to make it right for everyone, explaining everything in great detail which is great for beginners. You might want to skip some paragraphs if you already know the basics. The author uses aircrack -ng and explains the usage of this tool in great lenght. If you are curious take a look, you won´t find an easier introduction to WEP cracking. There will be a video tutorial out soon as well which visualizes everything.

The FBI method relies on the following tools: Kismet and Aircrack. Both can be found on Linux live cds such as knoppix.

Do the following if you have the tools available:

1. Run Kismet to find your target network. Get the SSID and the channel.
2. Run Airodump and start capturing data.
3. With Aireplay, start replaying a packet on the target network. (You can find a ‘good packet’ by looking at the BSSID MAC on Kismet and comparing it to the captured packet’s BSSID MAC)
4. Watch as Airodump goes crazy with new IVs. Thanks to Aireplay.
5. Stop Airodump when you have about 1,000 IVs.
6. Run Aircrack on the captured file.
7. You should see the WEP key infront of you now.

Update: WEP and WPA are no longer considered secure standards for wireless data transactions. It is highly recommended to enable WPA2-PSK in the wireless router if available. While it is also possible to attack WPA2-PSK wireless connections, success is not likely.

Please consult the manual of your router to find out how to change or modify the encryption method used by your wireless router. While we are at it, it is recommended to change the default admin password and username to improve router security significantly. Additional security measures, like disabling SSID broadcasting, filtering MAC addresses or changing the default SSID of the router have been proven to be ineffective to protect the wireless router from attacks.

The wireless research paper is still available. It details 802.11 security vulnerabilities. The latest vulnerability listed dates back to February 2002 though, it is therefor recommended to check other sources for more recent discoveries.

The first paragraph starts with a little theory on WEP cracking and goes on with setting up your tools, finding the network, capturing IVs, Using IVs to decrypt the key and finally Anticipated Problems. After that the differences between WEP and WPA cracking are explained and the article informs you about different WPA flavours.