[MLB-WIRELESS] More on WEP

evilbunny evilbunny at sydneywireless.com
Fri Sep 6 12:17:40 EST 2002


Hello melbwireless,

  another article submitted, no one ever claimed credit for it
  though...

  Also I notice it's possible to use 2 separate WEP keys, one sending
  from the AP and 1 sending from the card...

  Be interesting to know what that did to the sniffing programs...

-- 
Best regards,
 evilbunny                          mailto:evilbunny at sydneywireless.com

http://www.SydneyWireless.com - Exercise your communications
freedom to make it do what you never thought possible... 

----------------------------------------------------------------------

Here are the facts on how "easy" it is to crack WEP.

First, in order to crack a WEP password, sniffing programs like
Airsnort need a certain number of packets with weak keys. Out of the
sixteen million keys which can be generated by WEP cards, about nine
thousand are weak (for 128-bit encryption). These packets with weak
keys are regarded as "interesting" by the sniffer software. The highly
regarded Airsnort sniffing software boasts that "most" passwords can be
guessed after about two thousand interesting packets. Some as few as
1200-1500, others as many as 3500-4000.

Now, Airsnort use an example in their FAQ, of a business that has four
employees using wireless, all using the same password. If these
employees surf the net pretty continuously throughout the day (they're
not very good employees), they will generate about a million packets a
day in total which equates to approximately a hundred and twenty
interesting packets every day. Airsnort boasts that in anywhere between
10 and 33 days, the network will almost certainly be cracked!!

By their logic, you can figure that a company with 40 employees using
wireless could take between 24 hours and 80 hours. A company with 100
employees using wireless (that's a lot of wireless cards on the same
LAN using the same password!!) could take between 10 hours and 33
hours. It would seem that changing the password regularly should keep
sniffing programs at bay.

You should be aware that WEP means Wired Equivalent Privacy. In other
words WEP was never designed to be a security tool. For complete
security, users should implement some kind of end-to-end encryption
(Protocols like SSL and SSH). Customers should also use some sort of
authentication to keep users off the network should sniffers crack the
key.