[MLB-WIRELESS] Re: Strong WEP Key Generator

Tue May 6 00:52:38 EST 2003

but how much data do they have to collect before they can crack a 128bit in
a few hours? isnt it like 2 weeks worth?

----- Original Message ----- 
From: "paul van den bergen" <pvandenbergen at swin.edu.au>
To: <melbwireless at wireless.org.au>
Sent: Monday, May 05, 2003 7:15 PM
Subject: Re: [MLB-WIRELESS] Re: Strong WEP Key Generator

> just been looking at this... here is a link to help sort out all the
mess...
>
> http://www.80211-planet.com/tutorials/article.php/1490451
>
> Key phrase for this subject (though the problem is far worse than opne
might
> immediately appreciate)
>
> quote
> You see, WEP's practical problem has always been that administrators tend
to
> stay with the same key for months, because there's no easy way to transfer
> new WEP keys. They have to manually set them in each access point and NIC.
> With a small key, WEP's typical 40 bit-key, a cracker can pick up enough
> frames based on the same key to figure it out in hours. A longer key, even
> 256-bits, just means that a cracker needs to collect more data. Thus,
while a
> long key will certainly discourage casual data raiders, if someone is
> determined to be a wireless spy, they do it with a few weeks of data
> collecting.
> end quote
>
> And I believe this is only one attack vector - there are others, but I
know
> too little to say if they have been fixed or not.
>
> On Mon, 5 May 2003 05:15 pm, Joris wrote:
> > On Sun, May 04, 2003 at 11:49:22PM -0700, Jouni Malinen wrote:
> > > On Mon, May 05, 2003 at 08:48:23AM +1000, Jason Hecker wrote:
> > > I don't know whether one should really call anything related to WEP
> > > "strong" ;-), but let's forget that for a moment and concentrate on
key
> > > generation..
> > >
> > > What exactly makes those keys "strong"?
> >
> > The fact that it's more random than your average birthday or kids name,
> > like most people do.
> >
> > I don't think that site was intended for strong cryptographical
> > purposes, but to help Mr and Mss Sixpack...
> >
> > > I would not call that strong key; it looks more like false sense of
> > > security. Actually, that's quite good match for WEP security.. ;-)
> >
> > Yep.
> > If you change the target audience, it starts making sense...
>
> -- 
> Dr Paul van den Bergen
> Centre for Advanced Internet Architectures
> caia.swin.edu.au
> pvandenbergen at swin.edu.au
> IM:bulwynkl2002
> "And some run up hill and down dale, knapping the chucky stones
> to pieces wi' hammers, like so many road makers run daft.
> They say it is to see how the world was made."
> Sir Walter Scott, St. Ronan's Well 1824
>
> To unsubscribe: send mail to majordomo at wireless.org.au
> with "unsubscribe melbwireless" in the body of the message
>

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message