[MLB-WIRELESS] Convert Orinoco Silver to Gold
Joris
joris at linux.be
Wed Apr 3 16:31:30 EST 2002
On Wed, Apr 03, 2002 at 03:45:21PM +1000, Ben Anderson wrote:
>
> I agree, there are several problems with the encryption the cards do that
> make it reasonably easy to crack.
> Ideally, it'd work though and only one layer of encryption would be
> necessary...
> Of course, turning the hardware encryption on adds another layer of
> difficulty to any cracking effort...

Drive-by network penetration becomes more difficult, but it's an easy
barrier. Everything helps, but the danger lies in the false sense of
security...

The orinoco 8.10 firmware upgrade changelog however reads:

WEP Weak Key Avoidance.
The key that is input to the WEP64 or 128 RC4 encryption algorithm
consists of the secret key configured by the user (or via 802.1x)
concatenated with the IV (Initialization Vector). The IV is
determined by the transmitting station. By excluding certain IV
values that would create so-called "weak keys", the weakness of
WEP as described in "Weaknesses in the Key Scheduling Algorithm
of RC4" by Scott Fluhrer, Itsik Mantin and Adi Shamir, and
demonstrated through the AirSnort program, are avoided.
Note that, as the IV is always determined by the transmitting
station, there is no impact on interoperability. Stations/APs with
weak key avoidance implemented can interoperate with stations/APs
that do not have this. Of course, protection against this attack
is provided only if all stations and APs implement this new scheme.

Probably still not trustworthy, but...

Btw, my Lucent WaveLAN cards, supposed to be silvers, also report supporting
102bit encryption, out of the box...

> > imho, this is pointless, since it's far better to run your ap wide open
> > and use pptp or ipsec to encrypt your traffic if you need it.

Definitely go for software link encryption, and firewall the damn interface
:)

--
Greetings
Joris
joris at linux.be UIN: 25569167
PGP is currently out-of-use
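
The changelog's two claims (the transmitter alone picks the IV, and protection holds only if every station filters) can be seen in a short added example, which is not part of the original post and is not Lucent/Orinoco firmware code. It assumes the excluded values are the (B+3, 255, X) IV class from the Fluhrer/Mantin/Shamir paper and that a station simply skips them in a sequential counter; the changelog does not say which values the firmware excludes, and the station names and starting counter are constructed.

```python
# Added example (not Lucent/Orinoco firmware code). The weak-IV class and the
# skip policy are assumptions; the changelog does not list the excluded values.
WEP64_SECRET_LEN = 5     # 40-bit secret key
WEP128_SECRET_LEN = 13   # 104-bit secret key


def is_fms_weak_iv(iv: bytes, secret_len: int = WEP128_SECRET_LEN) -> bool:
    """True if iv has the (B+3, 255, X) form for some secret-key byte index B."""
    if len(iv) != 3:
        raise ValueError("a WEP IV is exactly 3 bytes")
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + secret_len


class IvCounter:
    """Sequential 24-bit IV source, as chosen by the transmitting station."""

    def __init__(self, avoid_weak: bool, start: int = 0,
                 secret_len: int = WEP128_SECRET_LEN):
        self.avoid_weak = avoid_weak
        self.secret_len = secret_len
        self._next = start & 0xFFFFFF

    def next_iv(self) -> bytes:
        while True:
            iv = self._next.to_bytes(3, "big")
            self._next = (self._next + 1) & 0xFFFFFF
            # A filtering station silently skips weak values; the receiver just
            # reads the IV from the frame, so nothing changes on its side.
            if not (self.avoid_weak and is_fms_weak_iv(iv, self.secret_len)):
                return iv


def weak_iv_exposure(stations: dict, frames_each: int) -> dict:
    """Count weak IVs each station would put on the air in frames_each frames."""
    return {
        name: sum(is_fms_weak_iv(ctr.next_iv(), ctr.secret_len)
                  for _ in range(frames_each))
        for name, ctr in stations.items()
    }


def demo() -> dict:
    # Constructed scenario: both counters start just below the first weak block.
    stations = {
        "ap-with-avoidance": IvCounter(avoid_weak=True, start=0x03FE00),
        "client-without": IvCounter(avoid_weak=False, start=0x03FE00),
    }
    return weak_iv_exposure(stations, frames_each=1024)
```

The unfiltered client still transmits weak IVs under the same shared key, which is why one station without the new firmware leaves the whole cell exposed.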