Articles

WEP Cracked: FMS/KoreK Attacks Explained

March 15, 2026 3 min read

WEP encryption is fundamentally broken because its cryptographic weaknesses allow attackers to recover the secret key in minutes.

Here’s how it all goes down, and why you should absolutely not be using WEP for anything sensitive.

The Core Problem: Weak Initialization Vector (IV)

WEP uses a stream cipher called RC4. RC4 itself isn’t inherently terrible, but WEP’s implementation is. The critical flaw lies in how WEP generates and uses its Initialization Vector (IV). The IV is a small, 24-bit piece of data that’s supposed to be unique for each data packet. This uniqueness is crucial for stream ciphers to prevent identical plaintext from producing identical ciphertext.

WEP’s IVs are too short (24 bits means only 16,777,216 possible values) and, more importantly, they are often reused. Worse, they are transmitted in plaintext along with the ciphertext. This allows an attacker to collect a large number of WEP packets and analyze the IVs.

How an Attacker Exploits This

An attacker doesn’t need to break RC4 directly. They just need to collect enough IVs.

  1. Packet Sniffing: An attacker on the same wireless network (or within range) uses a wireless network adapter capable of "monitor mode." Tools like airodump-ng (part of the aircrack-ng suite) are perfect for this.

    airodump-ng wlan0mon

    This command starts capturing all wireless traffic on the wlan0mon interface. The attacker watches for WEP-encrypted packets.

  2. IV Collection: The attacker collects packets. WEP packets are identifiable by their encryption method. The crucial part is that the 24-bit IV is sent in the clear at the beginning of each WEP-encapsulated frame. An attacker needs to capture about 40,000 to 100,000 IVs to have a good chance of cracking the key. This can take anywhere from a few minutes to a few hours, depending on network traffic.

  3. Attacking the IVs: Once enough IVs are collected, the attacker uses specialized tools to analyze them. The most common suite for this is aircrack-ng.

    aircrack-ng captured_packets.cap -w dictionary.lst

    If a dictionary file is used, aircrack-ng will try to compute the WEP key. However, for WEP, the attack is more about statistical analysis of the IVs themselves, especially the "weak IVs."

  4. Weak IVs and FMS Attack: A significant weakness exploited by the Fluhrer, Mantin, and Shamir (FMS) attack (and its improvements like KoreK and PTW) is that certain IV values are statistically correlated with the secret WEP key. If an attacker sees a packet with a "weak IV," they can deduce a significant portion of the secret key immediately, drastically reducing the number of packets needed. The PTW attack, for instance, can recover a 64-bit WEP key with as few as 15,000 packets, and a 128-bit key with around 60,000 packets.

  5. Key Recovery: Tools like aircrack-ng implement these attacks. They analyze the collected IVs and, using mathematical properties of RC4 and the weak IVs, can calculate the 40-bit or 104-bit secret key (depending on whether it’s 64-bit or 128-bit WEP).

    aircrack-ng captured_packets.cap

    If aircrack-ng successfully finds the key, it will display it in the form of six hexadecimal bytes (e.g., 00:11:22:33:44:55).

Why This Works: The Math Behind It

The core of the FMS attack relies on the fact that the first few bytes of the RC4 keystream are predictable given certain initial states. WEP’s key generation process combines the secret WEP key with the IV to create this initial state. When the IV is too short and predictable, or when certain IVs are used, the attacker can work backward from the known (but encrypted) data to deduce the secret key. It’s like having a lock where the combination is partially revealed if you see the lock being turned in a specific way.

The "Fixes" Aren’t Really Fixes

There were some attempts to patch WEP, like WEP40 (40-bit key) and WEP104 (104-bit key), which just meant a longer secret key. This increased the number of IVs needed but didn’t fix the fundamental flaws in the IV generation and usage. WPA (Wi-Fi Protected Access) was an interim solution that used TKIP (Temporal Key Integrity Protocol) to address WEP’s shortcomings by dynamically changing keys and using a stronger IV mixing function. However, TKIP itself is now considered deprecated, and WPA2 (using AES encryption) is the modern standard.

What Happens When You Try to Use WEP Today

If you have a device that only supports WEP, you’re in a tough spot. Most modern operating systems and network hardware have deprecated or removed WEP support entirely. You’ll likely encounter "authentication failed" errors, or the device simply won’t be able to see or connect to the network if the access point is configured for WEP.

The next error you’ll encounter is trying to justify why you’re still using WEP.

Want structured learning?

Take the full Cryptography course →