Hacking & Solutions: Cracking WEP and WPA2-PSK

Hacking & Solutions: Cracking WEP and WPA2-PSK

By CWNP On 03/20/2008 - 3 Comments

This article is presented as part of hacking + solution track for Wireless Security Expo 2008.  Before reading the solutions article, make sure you have watched the hacking video.  Videos are available by registering here .

Cracking WEP is old-hat, but the newer WPA/WPA2-Personal can be cracked too.  See how its done and see how to secure against it.


Cracking WEP is fast and easy with commonly available Windows- or Linux-based tools.  The length of the WEP key, 40- or 104-bit, is practically irrelevant, and with the software tools currently available, any novice can crack WEP in minutes given enough captured data.  With users being added to the WLAN every day in most enterprises and the amount of data going over the WLAN growing exponentially, capturing enough data to crack WEP is often simple.

The moral of the story with WEP is simply that it should never be used when stronger authentication and encryption mechanisms are available.  

Cracking WPA/WPA2-Personal (which uses a passphrase) is a much more difficult task than cracking WEP, but it still isn't an overwhelming task.  Given the right dictionary file(s) and the latest versions of WPA cracking tools, cracking WPA/WPA2-Personal can happen in a short time if a very strong passphrase isn't used by the network administrator.  The Wi-Fi Alliance suggests at least 20 characters with lower case, upper case, numbers, and special characters and use of WPA2 over WPA whenever possible.

Tools such as Aircrack-ng can be easily used both for cracking WEP and WPA/WPA2-Passphrase.  Since Aircrack-ng is available for Windows, it gives the ability to do sophisticated hacking to a novice.  Use of WPA/WPA2-Personal should be limited to small installations such as SOHO - hence the name "Personal" - or very specific scenarios in SMB installations (like VoWLAN phones).  When WPA/WPA2-Personal is used, it is best for only the network administrator to have the passphrase.  He/she would enter it into every laptop, VoWLAN phone, handheld PC, or other wireless device manually without giving it to the user.  Of course this is not scalable, but it's more secure than having 5-50 users knowing the passphrase.

More secure alternatives to static WPA/WPA2-Personal passphrases have been developed, such as Ruckus Wireless's Dynamic PSK solution.  More information on this solution can be found here:  http://www.ruckuswireless.com/pdf/fs-dynamic-psk.pdf

If you just can't bring yourself to make a strong passphrase, there are tools just for this purpose, such as Juiper's PassAmp utility (a free download) and the website:


Having tools like these will help you get past the mental block of creating such strong passphrases.

3 Responses to Hacking & Solutions: Cracking WEP and WPA2-PSK

Subscribe by Email
Jeannieer Perryes Says:
03/13/2018 at 02:31am
Here is a knowledge about all of those who are taking interest in hacking and also taking solution. Hope this is the best www.essayvikings.com way in which they can easily get the knowledge. Hope this knowledge is best for you and may be also best for all of the others.

Kr Ashwin Says:
01/11/2018 at 04:57am
You know that there is many of the short cut keys and the command buttons to log off windows 10 desktop?Some times you don't like to shut down but for the privacy matter you needed to lock your system for some times.This how do i log off windows 10 will help you to all access for learn and share.Thank you so much.

04/06/2008 at 17:25pm
HI do you help me signup new acuont thanh

<< prev - comments page 1 of 1 - next >>

Leave a Reply

Please login or sign-up to add your comment.
Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

Read More