Can you crack incorrect password attempts in WEP?

0

I am wondering if it's possible to capture and extract incorrect passwords in a fake WEP access point. If so, how much time would it take to crack the password?

Ken

Posted 2019-07-17T04:36:55.967

Reputation: 11

Answers

1

Probably not with a fake AP, no:

  • In "Shared" auth mode, the AP sends the client some data and asks to decrypt it. The client never sends the 'raw' key to the AP during this handshake, only the decrypted token.
  • In "Open" auth mode, there's no initial verification at all – the client just immediately starts sending encrypted data, and if it has the correct key, it'll get in.

But you don't actually need fake APs with WEP – you can easily crack any WEP-using network's key with just a passive monitor, by obtaining enough encrypted data. You leave the packet capture running for a few days (depending on activity); then let the key recovery tool run for a few minutes; and it tells you the key.

(This is why nobody uses WEP anymore.)

user1686

Posted 2019-07-17T04:36:55.967

Reputation: 283 655

I was planning to create a fake WEP AP from an originally WPA2 AP so that the password can easily be cracked. Is it possible? – Ken – 2019-07-17T06:22:35.597

No, and most clients will not send WPA/WPA2 passphrases to WEP APs at all – both because of security, and also because WEP keys work differently from WPA passphrases. – user1686 – 2019-07-17T06:25:08.363
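The "Shared" auth exchange described in the answer, as an added sketch that is not part of the original posts: the client's reply is the AP's challenge run through RC4 keyed with IV || key, so what goes over the air is the IV and ciphertext, not the key itself. The key, IV and challenge values are constructed, the function names are hypothetical, and 802.11 frame headers are omitted.

```python
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (KSA + PRGA); encryption and decryption are identical."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def client_response(wep_key: bytes, challenge: bytes, iv: bytes) -> bytes:
    """What the client transmits: cleartext IV + RC4(IV||key, challenge||ICV)."""
    icv = zlib.crc32(challenge).to_bytes(4, "little")  # WEP integrity check value
    return iv + rc4(iv + wep_key, challenge + icv)

def ap_verify(ap_key: bytes, challenge: bytes, response: bytes) -> bool:
    """AP side: decrypt with the AP's own key and compare to the challenge it sent."""
    iv, body = response[:3], response[3:]
    plain = rc4(iv + ap_key, body)
    text, icv = plain[:-4], plain[-4:]
    return text == challenge and icv == zlib.crc32(text).to_bytes(4, "little")

def demo() -> dict:
    real_key = bytes.fromhex("0123456789")  # constructed 40-bit WEP key
    challenge = bytes(range(128))           # constructed 128-byte challenge text
    iv = bytes.fromhex("a1b2c3")            # constructed 24-bit IV
    resp = client_response(real_key, challenge, iv)
    return {
        "real_ap_accepts": ap_verify(real_key, challenge, resp),
        # An AP that does not hold the key cannot validate the reply.
        "wrong_key_ap_accepts": ap_verify(b"\x00" * 5, challenge, resp),
        # The key bytes never appear in the transmitted response.
        "key_in_response": real_key in resp,
        "response_len": len(resp),          # 3 (IV) + 128 (challenge) + 4 (ICV)
    }

if __name__ == "__main__":
    print(demo())
```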