Cracking WEP in 10 minutes

Yesterday I started noticing referral traffic from myscreencast.com, a phpbb-based community site for finding and sharing screencasts. The most entertaining one I found is called Cracking WEP in 10 minutes. It was produced with Camtasia, but the action takes place in Whoppix, which describes itself thusly:

Whoppix is a stand alone penetration testing live cd based on Knoppix. With the latest tools and exploits, it is a must for every penetration tester and security auditor.
To a thumping electronic beat, the WEP-cracking screencast shows you how to use: kismet to locate a victim; aireplay to generate the requisite hundreds of thousands of WEP initialization vectors; aerodump to save the traffic to a file; and aircrack to analyze the file and recover the WEP key.

I'd known about this combination of techniques in a general way, but penetration testing isn't my game and I'd never bothered to learn the details. It's fascinating to watch the process unfold, and a real testament to the educational power of screencasting.

As always, such power is a double-edged sword. This screencast will undoubtedly increase the amount of WEP-cracking that goes on. At the same time, though, I hope it will show a wider audience that, while WEP may not be entirely useless, it's a very weak defense and had better not be your only one. Cracking WEP today still requires specialized tools and high motivation, but it's just a matter of time until somebody packages up the procedure into a simple application that anybody can use.


Former URL: http://weblog.infoworld.com/udell/2005/06/08.html#a1246