[Off topic] Difference between wpa: tkip & aes
Jar
Sun Nov 6 12:40:19 PST 2005
> The sniffer has no way of knowing that they are WEP protected unless is
> takes a look at what happened during association.
OK, I am not a specialist, but the sniffer shows the data packet as below when
WPA-TKIP is selected. How does the sniffer know that this data is WEP data?
Packet Info
Flags: 0x00
Status: 0x04 Encrypted
Packet Length: 1562
Timestamp: 00:18:39.435062200 11/03/2005
Data Rate: 22 11.0 Mbps
Channel: 11 2462 MHz
Signal Level: 59%
Noise Level: 0%
802.11 MAC Header
Version: 0
Type: %10 Data
Subtype: %0000 Data Only
Frame Control Flags: %01000011
0... .... Non-strict order
.1.. .... WEP Enabled
..0. .... No More Data
...0 .... Power Management - active mode
.... 0... This is not a Re-Transmission
.... .0.. Last or Unfragmented Frame
.... ..1. Exit from the Distribution System
.... ...1 To the Distribution System
Duration: 213 Microseconds
Receiver: 00:14:BF:48:A1:A2
Transmitter: 00:14:BF:2E:2E:2E
Destination: 00:50:FC:5A:5A:5A Edimax Tech:5A:5A:5A
Seq. Number: 195
Frag. Number: 0
Source: 00:14:BF:22:22:22
802.11 TKIP Data
WEP IV: 0x00201A
RC4Key[0]: 0x00
RC4Key[1]: 0x20
RC4Key[2]: 0x1A
TKIP Key Index: 0x20
Reserved: %00100
Ext IV: %0
Key ID: %00 Key ID=1
TKIP SC: 0x00000000
TKIP Data:
...||+.......V.. D5 04 B8 7C 7C 2B 84 1D 15 B5 0E D8 E2 56 A3 AF
....
....
And like this when WPA-AES is selected:
Packet Info
Flags: 0x00
Status: 0x04 Encrypted
Packet Length: 1558
Timestamp: 00:20:39.381721800 11/03/2005
Data Rate: 22 11.0 Mbps
Channel: 11 2462 MHz
Signal Level: 60%
Noise Level: 0%
802.11 MAC Header
Version: 0
Type: %10 Data
Subtype: %0000 Data Only
Frame Control Flags: %01000011
0... .... Non-strict order
.1.. .... WEP Enabled
..0. .... No More Data
...0 .... Power Management - active mode
.... 0... This is not a Re-Transmission
.... .0.. Last or Unfragmented Frame
.... ..1. Exit from the Distribution System
.... ...1 To the Distribution System
Duration: 213 Microseconds
Receiver: 00:14:BF:48:A1:A2
Transmitter: 00:14:BF:2E:2E:2E
Destination: 00:50:FC:5A:5A:5A Edimax Tech:5A:5A:5A
Seq. Number: 91
Frag. Number: 0
Source: 00:14:BF:22:22:22
802.11 TKIP Data
WEP IV: 0x0C0000
RC4Key[0]: 0x0C
RC4Key[1]: 0x00
RC4Key[2]: 0x00
TKIP Key Index: 0x20
Reserved: %00100
Ext IV: %0
Key ID: %00 Key ID=1
TKIP SC: 0x00000000
TKIP Data:
.J.\..'>c\.0A..- 7F 4A CA 5C E2 F5 27 3E 63 5C FD 30 41 F7 AC 2D
...
...
So this data could be AES encrypted even if this sniffer claims it is TKIP/WEP?
> That weak key claim is probably valid only if WEP was used (i.e., not
> for TKIP and certainly not for CCMP). Anyway, even for WEP, there are
> more efficient ways of cracking the key than weak keys, so reporting
> weak is kind of pointless for WEP nowadays. It is weak, no matter what
> key is used.
Strange, Kismet complains about weak keys even when WPA-AES is selected on the AP.
--
Best Regards, Jar
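The two captures above show why the sniffer's label is unreliable: "WEP Enabled" is just the Protected Frame bit in the Frame Control flags (0x43 in both dumps), which says only that the payload is encrypted, not which cipher was used. What does differ is the 4-byte IV/Key-ID header that follows the MAC header. In a TKIP frame the second byte is the WEPSeed, derived from the first byte as (TSC1 | 0x20) & 0x7F, which the TKIP capture obeys (00 20 1A). In a CCMP (AES) frame the bytes are PN0, PN1 and a reserved zero byte, which is what the "AES" capture shows (0C 00 00). The following Python is an added example, not code from the post or from hostap; the function names are my own, the header layouts are from IEEE 802.11i, and the input bytes are taken from the two dumps quoted above. It is a single-frame heuristic; as the quoted reply says, the authoritative answer comes from the RSN information element seen during beacons and association.

```python
"""Tell TKIP from CCMP (AES) protected 802.11 data frames by their IV/Key-ID header.

Added example for the thread above; not part of hostap. Layouts per IEEE 802.11i:
  TKIP: TSC1, WEPSeed, TSC0, KeyID/ExtIV, TSC2..TSC5   (WEPSeed = (TSC1 | 0x20) & 0x7F)
  CCMP: PN0,  PN1,     Rsvd=0, KeyID/ExtIV, PN2..PN5
  WEP:  IV0,  IV1,     IV2,    KeyID (ExtIV bit clear)
"""

# Frame Control flags byte: bit 6 is "Protected Frame", historically called "WEP".
# Sniffers print it as "WEP Enabled" even for TKIP and CCMP frames.
FC_FLAG_PROTECTED = 0x40
# In the Key-ID byte (4th byte of the IV header): bits 7-6 = Key ID, bit 5 = Ext IV.
EXT_IV_BIT = 0x20


def parse_key_id_byte(b3: int) -> tuple[int, bool]:
    """Return (key_id, ext_iv) from the Key-ID/ExtIV byte.

    For 0x20 this gives key id 0 with ExtIV set; the sniffer in the post
    prints the same byte as "Key ID=1", apparently counting from 1.
    """
    return b3 >> 6, bool(b3 & EXT_IV_BIT)


def classify_iv_header(fc_flags: int, iv_header: bytes) -> str:
    """Guess the cipher of one data frame from its FC flags and IV header.

    Returns "open", "WEP", "TKIP", "CCMP" or "unknown". This is a heuristic:
    a CCMP frame whose PN1 happens to equal (PN0 | 0x20) & 0x7F would be
    misclassified as TKIP, so treat the result as a hint, not proof.
    """
    if not fc_flags & FC_FLAG_PROTECTED:
        return "open"  # no encryption at all; the IV header is not present
    if len(iv_header) < 4:
        raise ValueError("need at least the 4-byte IV/Key-ID header")

    b0, b1, b2, b3 = iv_header[:4]
    _, ext_iv = parse_key_id_byte(b3)

    if not ext_iv:
        return "WEP"  # only WEP uses the short 3-byte IV without an extended IV
    if b1 == ((b0 | 0x20) & 0x7F):
        return "TKIP"  # WEPSeed byte is derived from TSC1 exactly as TKIP requires
    if b2 == 0x00:
        return "CCMP"  # third byte is reserved and always zero in the CCMP header
    return "unknown"


# IV headers copied from the two captures in the post (first 3 bytes are the
# "WEP IV"/RC4Key bytes, 4th byte is the "TKIP Key Index" 0x20).
TKIP_CAPTURE_HEADER = bytes.fromhex("00201A20")  # labelled WPA-TKIP in the post
AES_CAPTURE_HEADER = bytes.fromhex("0C000020")   # labelled WPA-AES in the post
FC_FLAGS_FROM_DUMPS = 0x43                       # Frame Control Flags: %01000011


def classify_post_captures() -> dict[str, str]:
    """Classify both captures from the post with the heuristic above."""
    return {
        "WPA-TKIP capture": classify_iv_header(FC_FLAGS_FROM_DUMPS, TKIP_CAPTURE_HEADER),
        "WPA-AES capture": classify_iv_header(FC_FLAGS_FROM_DUMPS, AES_CAPTURE_HEADER),
    }


if __name__ == "__main__":
    for label, guess in classify_post_captures().items():
        print(f"{label}: sniffer says TKIP/WEP, header bytes suggest {guess}")
```

Running it reports the TKIP capture as TKIP and the "AES" capture as CCMP, so the second dump is indeed AES-encrypted data that the sniffer simply does not decode; its "802.11 TKIP Data" heading is the tool's assumption, not something in the frame. Because the Protected Frame bit is all the sniffer is keying on, the same misattribution explains why a tool applying WEP weak-IV checks to CCMP packet numbers produces meaningless "weak key" warnings.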