Wired Equivalent Privacy
WEP uses the Rivest Cipher 4 algorithm for packet encryption and the 32-bit version of the Cyclic Rendundancy Check to verify packet integrity.
Fluhrer, Mantin, Shamir Attack
The FMS attack exploits WEP's use of weak initialization vectors (only 24 bits) with RC4.
Passive Initialization Vector Capture
If a target network has enough traffic, an attacker can passively sniff packets until identical IV's are captured.
Packet injection can be used to generate more traffic in a WEP network, generating more IV's to capture.
Wi-Fi Protected Access 1
Wi-Fi Protected Access 2
Four-Way Handshake Capture
The authentication handshake of WPA2 contains the passkey salted with the access point's ESSID and hashed with PBKDF2-HMAC-SHA1. This hash can be bruteforced.
If clients often connect to the target network, or reconnect after the network starts, an attacker may be able to capture all four parts of the handshake.
If the authentication handshakes cannot be captured passively, an attacker can perform a deauthentication attack until all four parts of the handshake are captured.
Pairwise Master Key Identifier Capture
Wi-Fi Protected Access 3
EAPOL:: Extensible Authentication Protocol over LAN LAN:: Local Area Network WPA:: Wireless Protected Access PSK:: Preshared Key PMKID:: Pairwise Master Key Identifier WPS:: Wi-Fi Protected Setup WEP:: Wired Equivalent Privacy KRACK:: Key Reinstallation Attack FRAG:: Fragmentation and Aggregation Attacks FMS:: Fluhrer, Mantin,Shamir PTW:: Pyshkin, Tews, Weinmann