AirSnort sniffing with Orinoco Gold cards

[Yee Chuan, Loh]

I was quite sure that AirSnort did not implement this form of passive 
sniffing and lookup, but rather did crack the encryption by retrieving the 
secret key. (implementation of the Adi Shamir paper, there was another 
implementation by some Rice Univ student I think, but the code was not put 
in public-domain)

-----Original Message-----

From: "Dominick, David" <David.Dominick at delta.com>
To: 'Jussi Vestman' <vestman at lut.fi>, wireless at lists.samba.org
Subject: RE: AirSnort sniffing with Orinoco Gold cards
Date: Wed, 22 Aug 2001 11:20:01 -0400

The level of encryption doesn't matter. WEP uses a public key and a shared
key. The public key is transmitted clear text. All of the computers on the
network use the same shared key. One example of a way to break the key is:
Learn both the ciphertext and the plaintext for some packets encrypted with
a given IV v.
This is really easy if you know the plaintext, because, for example, you
sent it , say via pings, or spam email!
you can also do it passively by watching for collisions.
Then you can easily determine the keystream RC4(k,v) by XORing the plaintext
and the ciphertext.
Note that you do not learn the value of the shared secret k.
Now you store that keystream in a table, indexed by v.
This table is at most 1500 * 2^24 bytes = 24 GB
Fits on a single cheap disk
The next time you see a packet with an IV stored in the table, you can just
look up the keystream, XOR it against the packet, and read the data!

AirSnort basically uses this premise to break the key without bothering to
crack the encryption.