Contributed by jose on from the demonstrating-WEP's-problems dept.
This is a short article (PDF) up on the author's website. You can use an OpenBSD laptop to show people how weak WEP is and encourage stronger WiFi security mechanisms (i.e. IPsec).
By Anonymous Coward () on
Nice to see this kind of article, but let's not exaggerate this WEP insecurity (you'll be capturing for weeks non-stop on a SOHO wireless network to grab the key).
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
In fact, modern firmwares don't even generate weak frames anymore, so Airsnort style cracking like this is useless.
However, WEP can still be easily cracked with much less than 10000 packets. Most of the time one is enough.
By Anonymous Coward () on
A lot of wireless gear released recently, or older hardware with updated firmware, has incorporated methods to avoid encrypting data with weak IVs, which will stop WEP-cracking methods that collect large amounts of data and attempt to crack weak IVs (sometimes incorrectly called weak keys).
The only real problem with WEP in current times should be people using weak passwords.
If anyone has any evidence to the contrary, I would be very interested in checking that out.
Comments
By Anonymous Coward () on
The classic way of cracking WEP is pretty much dead, but there are plenty more ways to do it.
A modified rainbow table attack vs the first four bytes of an LLC frame still will give us a short list of candidate keys, most we will toss out because they don't translate to ASCII, and the rest can be used to mini-brute force another packet encrypted with the same IV.
The problem is that this is active, you have to accelerate IV consumption in order to get packets matching your rainbow table (rainbow tables for LLC frames will reach 10 GB in size, and you aren't going to keep 16 million of them on hand).
Of course standard weak-password brute forcing works as well, and bit-entropy is very low in WEP keys.
Also we could build an IV / keystream dictionary by XORing out a known plaintext.
And then there are ciphertext/ciphertext XOR attacks.
By Anonymous Coward () on
Question....
To control who connects to the access point or listens to traffic, yes encryption is a real concern...
BUT...
IF the wireless solution was meant to be open for anyone to connect to the internet ... say for an Internet Cafe ... and since past the access point the Internet is not secure anyways...
What advantage, if any, is there to making an open node use WEP or other encryption between access point and access client?
Because one would think for better security perhaps it is best to encrypt all the traffic from end to end rather than worry about the hops that are wireless??? Then WEP is redundant for this situation?
Perhaps if someone was using a laptop with windoze 9x, and someone else connected to the same hostaccess point they could look for NetBIOS stuff like shared folders/printers ... and attack directly... But many windoze computers get cracked just by email attachments and connecting to a website and their computer opening downloaded email/files without asking or worse the user clicking yes without understanding.
(and yes btw, do live in fear if you find out you were using putty on a windoze box that had a keylogger...:)
Comments
By Anonymous Coward () on
man otp
Comments
By Anonymous Coward () on
By Corbets () on
Thanks - I'm really looking forward to reading it!
Corbets
Comments
By bob () on
http://www.thti.telindus.be/news_thti/%7Edown/wep_insecurity.pdf
By Anonymous Coward () arlo_wa@yahoo.com on mailto:arlo_wa@yahoo.com