00:00:00,840 --> 00:00:52,630
The first encryption that we'll learn how to break is called WEP, or Wired Equivalent Privacy. This is an old encryption that can be easily broken. The reason why I'm still covering it in this course is, first of all, because like I said it's very simple, so it's a good starting point. Also, it's still used sometimes in some networks. Therefore you can't really call yourself a hacker if, when you see a network that uses WEP, you get stuck and you won't even be able to break into it. So in this lecture I'm going to explain how WEP works and what's the weakness that we can use to break it. And in the next lecture you'll see how we can use this weakness in order to break WEP and get the key for any network that uses WEP.

00:00:52,680 --> 00:01:39,820
So basically WEP uses an algorithm called RC4 to encrypt its data. The way this works is basically, if a client wanted to send something to the router, and let's say it wanted to send this text, "data to send to the router", it'll first encrypt this using a key. Therefore this normal text will be converted into gibberish, as you can see here. This encrypted packet will be sent into the air. So if a hacker captures this packet, as we've seen before, if we open this packet we'll see that it's full of gibberish. Even though it actually contains useful information, we won't be able to read it because it's encrypted.
00:01:40,070 --> 00:02:29,990
The access point, when it receives this encrypted packet, will be able to transform it back to its original form because it has the key. Therefore it'll actually be able to read the contents, which is "data to send to the router". The same happens if the router was to send something back to the client: it first encrypts it using a key and sends it to the client. The client will be able to decrypt it because it has the key. So the concept is always the same. The transmitter encrypts data using a key and sends it to the receiver. The receiver is able to decrypt it because it also has the key. Therefore anybody who captures the packet in the middle will get the packet, but they won't be able to see the contents because they do not have the key.

00:02:30,370 --> 00:03:13,130
So the algorithm and the way RC4 works is actually fine. The problem is with the way that WEP implements this algorithm, and to understand this let's zoom in a little bit more on each step. So go back to the first step. We have the client trying to send data to the router, and the data that it wants to send is "data to send to the router". So in order to encrypt this, WEP tries to generate a unique key for each packet, so literally for each packet that's sent into the air it tries to create a unique key for it.
00:03:14,120 --> 00:03:49,990
To do that it generates a random 24-bit initialization vector. The initialization vector is then added to the password of the network, the actual key that people use to connect to the network. This generates a key stream, and then this key stream is used to encrypt this packet and transform it into gibberish. So basically we have the key stream plus the data that we need to encrypt gives us the gibberish, and then the gibberish is sent into the air.

00:03:51,390 --> 00:04:46,250
But before sending this into the air, WEP will also append the initialization vector. This is the 24-bit random number that I said it creates in order to make sure that each packet has a unique key. The reason why it adds the initialization vector to the packet is because once the router receives this packet it needs to be able to decrypt it, and to decrypt it, it needs the key and the IV. The router already has the key, so there is no need to send that. Therefore we just need to send it the IV. So when the router receives the packet, it has the IV, it has the password or the key, so it can generate a key stream and then use that key stream to transform this gibberish into its original form and read the packet.

00:04:48,160 --> 00:05:47,250
So if you think about what I said, you can probably guess what the weakness is. Basically the IV is sent in plain text, so if you look at this you can see the packet content is encrypted. So if someone captures this packet they won't be able to read this, but they will be able to read the IV in plain text. Also, the size of the IV is only 24 bits. Now, considering the huge amount of traffic that can be generated on a Wi-Fi network, this number is not big enough, and the IVs will start getting repeated in a busy network. This makes WEP vulnerable to statistical attacks, so we can use a tool called aircrack-ng to determine the key stream once we have enough repeated IVs, and from that it'll also be able to crack WEP and give us the key to the network.
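The per-packet key construction and the IV weakness the lecture describes, as an added example that is not part of the original course: a toy Python model of WEP's encryption (RC4 key stream from IV || key, 3-byte IV sent in the clear, the CRC-32 integrity value omitted) showing why a repeated IV is fatal, since two packets under the same IV leak the XOR of their plaintexts, and how few packets the birthday bound says it takes before a random 24-bit IV repeats. The key, IV and messages are constructed sample values.

```python
import math

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4 key scheduling + PRGA; returns the first n key stream bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Toy WEP body: 3-byte IV in the clear, then data XOR RC4(IV || key).
    The real protocol also appends a CRC-32 integrity value; omitted here."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    return iv + xor_bytes(rc4_keystream(iv + key, len(data)), data)

def wep_decrypt(key: bytes, packet: bytes) -> bytes:
    """The receiver rebuilds the same key stream from the clear IV and shared key."""
    iv, body = packet[:3], packet[3:]
    return xor_bytes(rc4_keystream(iv + key, len(body)), body)

def keystream_reuse_leak(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Two packets under the same IV share a key stream, so c1 XOR c2 == p1 XOR p2:
    the secret key cancels out and an eavesdropper learns the XOR of the plaintexts."""
    c1 = wep_encrypt(key, iv, p1)[3:]
    c2 = wep_encrypt(key, iv, p2)[3:]
    return xor_bytes(c1, c2)

def packets_until_iv_repeat(prob: float = 0.5, iv_bits: int = 24) -> int:
    """Birthday bound: packets needed before a random IV repeats with probability prob."""
    space = 2 ** iv_bits
    return math.ceil(math.sqrt(2 * space * math.log(1 / (1 - prob))))

if __name__ == "__main__":
    key, iv = b"constructed-key", b"\x0a\x0b\x0c"  # constructed sample values
    msg = b"data to send to the router"
    assert wep_decrypt(key, wep_encrypt(key, iv, msg)) == msg
    print("packets until a 24-bit IV likely repeats:", packets_until_iv_repeat())
```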