I'm a beginner in cybersecurity; I have taken several courses about the basics. My question is: how does a tool like aircrack-ng extract the key just by capturing lots of packets and extracting the Initialization Vector (IV), and then extract the key? I mean, what is going on behind the scenes? Is aircrack-ng extracting the packets' IVs + random keys?
To put the question very clearly: how does aircrack-ng extract the key just by capturing lots of packets' IVs?
I'm not a pro in Wi-Fi tools, but here is what I understood.
Aircrack is split into 3 tools (16, but we can concentrate on these):
- Airmon-ng. It enables monitor mode on wireless interfaces. You can now capture all packets (encrypted packets).
- Airodump-ng. It sniffs and stores all the packets it finds in .cap files.
- Aircrack-ng. With all the packets, it uses an algorithm to guess the WEP key. It doesn't actually "extract" the key; it's a brute-force algorithm, it tests all the possibilities. It can work, but most of the time it fails.
That's because of the brute-force method. You need many, many, many IVs. Some IVs are weaker to crack and leak more information than others, and you can actually begin a brute force with only one IV, but to hope for a successful attack it is recommended to have 60 000 IVs. I personally don't like brute force like aircrack because it's all about luck.
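As an added illustration (my own code, not from the thread above or from the aircrack-ng project), this shows the property behind "you need many IVs": WEP seeds RC4 with the 3-byte IV prepended to the key, so any two packets that share an IV share a keystream, and the 24-bit IV space is so small that captures of the size mentioned above are guaranteed to contain such repeats. The key and IV values below are constructed sample values.

```python
# Why WEP's 24-bit IV is the weak point: RC4 keystream reuse + birthday bound.
# All key/IV/plaintext values are constructed for the demonstration.


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA), the stream cipher WEP is built on."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """WEP-style per-packet encryption: RC4 seeded with IV || key."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    ks = rc4_keystream(iv + key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(iv: bytes, key: bytes, p1: bytes, p2: bytes) -> bool:
    """True when C1 xor C2 == P1 xor P2: the reused keystream cancels out,
    so the capture leaks the XOR of two plaintexts without any key knowledge."""
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def expected_iv_collisions(packets: int, iv_bits: int = 24) -> float:
    """Expected number of colliding IV pairs after `packets` random IVs
    (birthday bound: n(n-1)/2 pairs, each colliding with probability 2^-bits)."""
    return packets * (packets - 1) / (2 * 2 ** iv_bits)


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")   # constructed 40-bit WEP key
    iv = bytes.fromhex("aabbcc")        # constructed IV reused by two packets
    print(keystream_reuse_leak(iv, key, b"hello world!", b"secret data!"))  # True
    print(f"{expected_iv_collisions(60_000):.0f}")  # 107 expected colliding pairs
```

With ~4 000 packets the first IV repeat is already likely, and at 60 000 packets roughly a hundred IV pairs repeat, each one handing an observer keystream material for free.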