• About WEP

A new tool to crack WEP keys has been published in few days ago.
It's named aircrack-ptw. This tool allow to decrypt 104 bits wep key with less 100000 packets against 600000 on aircrack-ng

I tried today and it seem to work well...

This is aircrack-ptw 1.0.0
For more informations see http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/
allocating a new table
bssid = 00:0C:41:BB:50:BB keyindex=0 stats for bssid 00:0C:41:BB:50:BB keyindex=0 packets=31822
Found key with len 13: B5 11 E0 51 F0 F5 E2 CA DD 33 07 1B 39

  • About WPA-PSK

In order to supplement this post, I will talk about WPA-PSK attacks. At the Shmoo conference in 2006, WPA-PSK attack with Rainbowtables has been presented... I know it's not new!!!

For the WPA-PSK tables it's impossible to create a lookup table for all possible keys. Because the seeding of the algorithm with the SSID and SSID length meant that we'd have to compute all possible keys against all possible SSID's, the storage space required for this was well beyond the capabilities to provide or even calculate.

So You must generate Rainbow tables for a specified SSID like Oracle table with a specified user account.

Information is provided on this site and It's possible to download WPA-PSK Rainbow tables by torrent

Cain support also this attack

Reference:

http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/ aircrack-ptw
http://www.renderlab.net/projects/WPA-tables/

More information in French to Sid's Blog les-clous-sont-la-mais-vous-aviez-oublie-la-couronne