[MLB-WIRELESS] Re: Strong WEP Key Generator

Jouni Malinen jkmaline at cc.hut.fi
Mon May 5 16:49:22 EST 2003


On Mon, May 05, 2003 at 08:48:23AM +1000, Jason Hecker wrote:

> http://www.warewolflabs.com/portfolio/programming/wepskg/wepskg.html

I don't know whether one should really call anything related to WEP
"strong" ;-), but let's forget that for a moment and concentrate on key
generation..

What exactly makes those keys "strong"? The fact that the key space is
greatly reduced by limiting to printable characters? The 'random 64-bit
WEP key' is limiting 2^40 key space to 95^5, i.e., less than 2^33..

Or might it be the flawed algorithm used in "random" key generation?
I don't know how Math.random() is implemented, but if it is not
"secure", the key space is reduced further. In case of longer keys,
this will most certainly reduce the key space a lot.. For example, if
the pseudo-random number generator produces a sequence of 2^32 numbers,
your "strong" 256-bit keys end up having at most 2^32 different values,
i.e., they are in practice only 32-bit (or probably less) keys..

I would not call that strong key; it looks more like false sense of
security. Actually, that's quite good match for WEP security.. ;-)

In addition, "Custom WEP key" looks more like ASCII->hex converter than
passphrase-based key generation.. 

-- 
Jouni Malinen                                            PGP id EFC895FA

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



More information about the Melbwireless mailing list