Presentation I gave at DC207's regular meeting hosted at BlueTarp Financial (https://www.bluetarp.com). The presentation is a quick overview to a group of industry professionals and university students (many of who have never done anything like this) of using the aircrack-ng suite of tools to crack WEP and WPA passwords. A sandboxed wireless network was setup and live demonstrations were done.

1. Breaking Wireless Security cracking WEP & WPA presented by Casey DC207

3. retrieve WEP password

4. retrieve WPA/WPA2 passwords

6. in depth packet analysis

9. Aircrack-ng

11. Yay! BlueTarp!

13. Sept. 1999 in original 802.11 standard

14. uses an RC4 Stream Cipher

15. crypto is inherently flawed

16. deprecated in 2004 in favor of WPA2

17. still available on routers today

19. august 2001, Scott Fluhrer, Itsik Mantin, and Adi Shamir

20. passive attack to recover Key

21. need a busy network or a way to produce enough traffic

22. with enough IVs can calculate the Key

24. DEMO

26. don't use.

27. password complexity DOES NOT MATTER

29. WPA became available in 1999

30. uses TKIP encryption algorithm

31. intermediate step until WPA2

33. uses CCMP-AES encryption

36. no known public exploits that attacks the crypto

37. brute force attack

38. uses SSID of network as part of encryption

39. precomputation is much harder

40. Yay! BlueTarp!

42. DEMO

44. don't use a name in the top 1000 SSID list

45. disable WPS!

47. attempt at easy secure access

48. wanted to make it easy to add new devices

49. almost universally enabled on new routers

52. linksys routers still vulnerable with WPS disabled

53. Thanks for coming! Thank you Jon and BlueTarp for hosting and food! Questions? Help? [email_address] @CaseyDunham dc207.org @DCG207

55. Aircrack-ng aircrack-ng.org

56. ALFA Networks alfa.com.tw

57. DC207 dc207.org

58. BlueTarp bluetarp.com