LINUX WIFI HACKING

A GENTLE INTRODUCTION TO WIFI

HACKING

By
INDERPREET SINGH

A Brief Overview

Wi-Fi has been around more than 12 years --originally, it lacked

any form of security

Since 2001, Wireless Encryption Protocol (WEP) has been

successfully attacked -- in 2007, it takes no more than 90,000
packets to break keys (due to weaknesses in RC4) -- time to crack
less than 1 minute

Since 2004, Wi-Fi Protected Access (WPA & WPA2) were

introduced to address WEPs failure -- but even this is not quite
enough for full security

Wi-Fi Encryption Techniques

WEP

WPA

WPA2

Comparison

WEP

WPA

WPA2

Name

Wired Equivalent
Privacy

Wi-Fi Protected Access

Wi-Fi Protected Access 2

24 bit initialization
keys
16.7 million
combination

48 bit initialization keys

500 trillion combinations

48 bit initialization keys

500 trillion combinations
(Advanced Encryption
Standard)

64 bits
128 bits

64 bits
128 bits

64 bits
128 bits

Static encryption keys

Unique encryption key

Unique encryption key

Speed

Not much processing

power

Somewhat processing
power

Requires greater
processing power

Master Key

Master keys are used

directly

Master keys are never

directly used

Master keys are never

directly used

Combo

Encryption

Keys

4-way Handshake

LIVE DEMO

Securing Wi-Fi

In my view, only reliable method for securing Wi-Fi is to run a VPN

on top (e.g., OpenVPN)

WEP and WPA are easily broken (WPA TKIP cracked in less than 1
minute by Japanese researchers in 2009)

WPA is TKIP -- WPA2 is CCMP, which is better (AES)

WPA2 is probably secure enough for home usage -- but there is

still risk of impersonation