Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Weakness in 802.11 WEP

Posted by michael on from the candy-from-a-baby dept.

tim finin writes: "WEP is the security protocol used in the widely deployed IEEE 802.11 wireless LAN's. "Weaknesses in the Key Scheduling Algorithm of RC4" by Scott Fluhrer, Itsik Mantin and Adi Shamir describes new results on RC4 with a practical attack against WEP -- an extremely powerful attack which can be applied even when WEP's RC4 stream cipher uses a 2048 bit secret key (its maximal size) and 128 bit IV modifiers (as proposed in WEP2). The attacker can be a completely passive eavesdropper (i.e., he does not have to inject packets, monitor responses, or use accomplices) and thus his existence is essentially undetectable. After scanning several hundred thousand packets, the attacker can completely recover the secret key and thus decrypt all the ciphertexts. The running time of the attack grows linearly instead of exponentially with the key size, and thus it is negligible even for 2048 bit keys." The brave can jump straight to the paper in pure, clean, postscript or PDF format.

2 of 5 comments (clear)

  1. DMCA time by jbridge21 · · Score: 2

    Better hope these guys don't get arrested for putting out this paper...

    (Not that there's any chance of it. But still, it makes you think.)
    -----

  2. Why hide this? by Rick+the+Red · · Score: 2
    This is not on the front page because????

    --
    If all this should have a reason, we would be the last to know.