Hacking & Solutions: Cracking WEP and WPA2-PSK

By CWNP On 03/20/2008 - 10 Comments

This article is presented as part of the hacking + solutions track for Wireless Security Expo 2008.  Before reading this solutions article, make sure you have watched the hacking video.  Videos are available by registering here.

Cracking WEP is old hat, but the newer WPA/WPA2-Personal can be cracked too.  See how it's done and how to secure against it.


Cracking WEP is fast and easy with commonly available Windows- or Linux-based tools.  The length of the WEP key, 40- or 104-bit, is practically irrelevant, and with the software tools currently available, any novice can crack WEP in minutes given enough captured data.  With users being added to the WLAN every day in most enterprises and the amount of data going over the WLAN growing exponentially, capturing enough data to crack WEP is often simple.

The moral of the story with WEP is simply that it should never be used when stronger authentication and encryption mechanisms are available.  

Cracking WPA/WPA2-Personal (which uses a passphrase) is a much more difficult task than cracking WEP, but it still isn't an overwhelming one.  Given the right dictionary file(s) and the latest versions of the WPA cracking tools, WPA/WPA2-Personal can be cracked in a short time if the network administrator hasn't chosen a very strong passphrase.  The Wi-Fi Alliance suggests at least 20 characters with lower case, upper case, numbers, and special characters, and use of WPA2 over WPA whenever possible.

Tools such as Aircrack-ng can easily be used both for cracking WEP and for cracking WPA/WPA2-Personal passphrases.  Because Aircrack-ng is available for Windows, it puts sophisticated attacks within reach of a novice.  Use of WPA/WPA2-Personal should be limited to small installations such as SOHO - hence the name "Personal" - or to very specific scenarios in SMB installations (like VoWLAN phones).  When WPA/WPA2-Personal is used, it is best for only the network administrator to know the passphrase.  He/she would enter it into every laptop, VoWLAN phone, handheld PC, or other wireless device manually without giving it to the user.  Of course this is not scalable, but it's more secure than having 5-50 users knowing the passphrase.

More secure alternatives to static WPA/WPA2-Personal passphrases have been developed, such as Ruckus Wireless's Dynamic PSK solution.  More information on this solution can be found here:  http://www.ruckuswireless.com/pdf/fs-dynamic-psk.pdf

If you just can't bring yourself to make a strong passphrase, there are tools built for this purpose, such as Juniper's PassAmp utility (a free download) and the website:


Having tools like these will help you get past the mental block of creating such strong passphrases.
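As an added example (not code from this article, from PassAmp, or from any vendor named above), the following Python script checks a WPA/WPA2-Personal passphrase against the Wi-Fi Alliance guidance quoted earlier (at least 20 characters drawn from lower case, upper case, digits and special characters) and generates passphrases that satisfy it using the operating system's CSPRNG. The 8-63 character limit comes from the 802.11i passphrase format; the exact set of special characters accepted by every supplicant varies, so the `SPECIAL` string below is an assumption chosen to avoid characters that are commonly mishandled.

```python
import math
import secrets
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits
# Assumed set of special characters; trimmed to printable ASCII punctuation
# that most supplicants and access point UIs accept without escaping.
SPECIAL = "!@#$%^&*()-_=+[]{};:,.?/"
ALPHABET = LOWER + UPPER + DIGITS + SPECIAL

# Wi-Fi Alliance recommendation cited in the article.
MIN_LENGTH = 20
# 802.11i allows a passphrase of 8 to 63 ASCII characters
# (64 hex characters is the raw PSK, not a passphrase).
WPA_MIN, WPA_MAX = 8, 63


def check_passphrase(passphrase: str) -> list[str]:
    """Return the reasons a passphrase falls short; an empty list means it passes."""
    problems = []
    if not (WPA_MIN <= len(passphrase) <= WPA_MAX):
        problems.append(f"length must be {WPA_MIN} to {WPA_MAX} ASCII characters")
    if len(passphrase) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if any(ord(c) > 126 or ord(c) < 32 for c in passphrase):
        problems.append("contains non-printable or non-ASCII characters")
    classes = (("lower case", LOWER), ("upper case", UPPER),
               ("digit", DIGITS), ("special", SPECIAL))
    for name, members in classes:
        if not any(c in members for c in passphrase):
            problems.append(f"no {name} character")
    return problems


def entropy_bits(passphrase: str) -> float:
    """Upper bound on entropy, assuming each character was chosen uniformly from ALPHABET.

    A passphrase built from dictionary words has far less entropy than this
    figure suggests, which is exactly what the dictionary attacks in the
    article exploit.
    """
    return len(passphrase) * math.log2(len(ALPHABET))


def generate_passphrase(length: int = MIN_LENGTH) -> str:
    """Generate a random passphrase that satisfies check_passphrase()."""
    if not (MIN_LENGTH <= length <= WPA_MAX):
        raise ValueError(f"length must be between {MIN_LENGTH} and {WPA_MAX}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: retry until every character class is present.
        if not check_passphrase(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("password", "Sh0rt!pass", generate_passphrase()):
        verdict = check_passphrase(sample) or ["OK"]
        print(f"{sample!r}: {entropy_bits(sample):.1f} bits max, {'; '.join(verdict)}")
```

Run it as-is to see a weak, a short and a generated passphrase judged side by side; the generated one is the kind of value the administrator would type into each device, as described above, rather than hand out to users.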

Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.
