aircrack-ng

Differences

This shows you the differences between two versions of the page.

aircrack-ng [2018/10/08 04:03]
mister_x Updates (version, command line, URLs)
aircrack-ng [2019/09/18 22:39]
mister_x [Description] Updated
Line 4: Line 4:
 Aircrack-ng is an 802.11 WEP and WPA/​WPA2-PSK key cracking program. Aircrack-ng is an 802.11 WEP and WPA/​WPA2-PSK key cracking program.
  
-Aircrack-ng can recover the WEP key once enough encrypted packets have been captured with [[airodump-ng]]. This part of the aircrack-ng suite determines the WEP key using two fundamental methods. ​ The first method is via the PTW approach (Pyshkin, Tews, Weinmann). ​ The default cracking method is PTW.  This is done in two phases. ​ In the first phase, aircrack-ng only uses ARP packets. ​ If the key is not found, then it uses all the packets in the capture. ​ Please remember that not all packets can be used for the PTW method. ​ This [[supported_packets|Tutorial:​ Packets Supported for the PTW Attack page]] provides details. ​ An important limitation is that the PTW attack currently can only crack 40 and 104 bit WEP keys. The main advantage of the PTW approach is that very few data packets are required to crack the WEP key.  The second ​method is the FMS/KoreK method. ​ The FMS/KoreK method incorporates various statistical attacks to discover the WEP key and uses these in combination with brute forcing.+Aircrack-ng can recover the WEP key once enough encrypted packets have been captured with [[airodump-ng]]. This part of the aircrack-ng suite determines the WEP key using two fundamental methods. ​ The first method is via the PTW approach (Pyshkin, Tews, Weinmann). ​ The default cracking method is PTW.  This is done in two phases. ​ In the first phase, aircrack-ng only uses ARP packets. ​ If the key is not found, then it uses all the packets in the capture. ​ Please remember that not all packets can be used for the PTW method. ​ This [[supported_packets|Tutorial:​ Packets Supported for the PTW Attack page]] provides details. ​ An important limitation is that the PTW attack currently can only crack 40 and 104 bit WEP keys. The main advantage of the PTW approach is that very few data packets are required to crack the WEP key. 
 + 
 +The other, older method is the FMS/KoreK method. ​ The FMS/KoreK method incorporates various statistical attacks to discover the WEP key and uses these in combination with brute forcing. It requires more packets than PTW, but on the other hand is able to recover the passphrase when PTW sometimes fail.
  
 Additionally,​ the program offers a dictionary method for determining the WEP key. Additionally,​ the program offers a dictionary method for determining the WEP key.
  
-For cracking WPA/WPA2 pre-shared keys, only a dictionary method is used.  SSE2 support is included to dramatically speed up WPA/WPA2 key processing.  A "​four-way handshake"​ is required as input. ​ For WPA handshakes, a full handshake is composed of four packets. ​ However, aircrack-ng is able to work successfully with just 2 packets. ​ EAPOL packets (2 and 3) or packets (3 and 4) are considered a full handshake.+For cracking WPA/WPA2 pre-shared keys, only a dictionary method is used.  A "​four-way handshake"​ is required as input. ​ For WPA handshakes, a full handshake is composed of four packets. ​ However, aircrack-ng is able to work successfully with just 2 packets. ​ EAPOL packets (2 and 3) or packets (3 and 4) are considered a full handshake
 + 
 +SSE2, AVX, AVX2, and AVX512 support is included to dramatically speed up WPA/WPA2 key processing. With the exception of AVX512, all other instructions are built-in Aircrack-ng,​ and it will automatically select the fastest available for the CPU. For non-x86 CPUs, SIMD improvements are present as well.
  
  
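Review bot: In the new FMS/KoreK paragraph, "is able to recover the passphrase when PTW sometimes fail" should say "key" rather than "passphrase", since every other sentence in this section describes recovering the WEP key, and the verb needs to agree (for example "in cases where PTW fails"). In the WPA/WPA2 paragraph, splitting out the SSE2 sentence dropped the period after "are considered a full handshake". In the added SIMD paragraph, "built-in Aircrack-ng" reads better as "built into Aircrack-ng", and because AVX512 is called out as the exception, the text should say how AVX512 support is obtained; as written the reader only learns that it is not built in.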
aircrack-ng.txt · Last modified: 2019/09/18 22:39 by mister_x