Slashdot Mirror
WEP Gets A Bit Stronger
gmr2048 writes: "CNN is reporting that RSA has helped develop "Fast Packet Keying" to strengthen WEP security. More info can be found at the RSA page. Damn, and I'm still working on my Pringles can antenna."
← Back to Stories (view on slashdot.org)
Yes, we all know that WEP security needs to get a whole lot better before the WEP is actually useful.
They still use the RC4 algorithm, but now they claim to be implementing it right. Might actually keep the bad folk out if they can get the patches out to everybody.
literally just finished reading the cnet version of this story, which included a statement like the following:
"... does not address any new holes that might crop up"
can I be the first to tell cnet "DUH!"
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Great they moved the encryption to the hardware freeing up the cpu to run seti@home a little faster.
Why buy new hardware, when with a little effort you can use ipsec to do the same thing.
If there is a weakness, there is a way
Speaking of pringles cans, we just built a ton of them at the last seattlewireless meeting. We're seeing a 10 to 13db gain from a $5-10 antenna.
M eetingPictures2001
You can see pictures here:
http://www.seattlewireless.net/index.cgi/December
From http://www.rsasecurity.com/rsalabs/index.html:
Why is WEP Broken? ... While the WEP standard had specified using
different keys for different data packets, the key derivation function (how to derive
a key from a common starting point) was flawed.
The weakness in WEP stems back to a key derivation problem in the standard.
To all you undergrads doing math exams this week: yes, you really do have to know how to do this in the real world!
Toronto-area transit rider? Rate your ride.
Now they just need to improve things to the point that they can boldly advertise wireless security to the consumer public without having fear of getting burned. You've perhaps wondered why we've never heard any w-commerce commercials touting the security of wireless banking transactions? That's because they aren't, at least not yet. Heck, they still have trouble with the plain-ol' landlocked net.
I'd say, stick with good open source encryption like One Fish or Two Fish.
This means I have to go back to just reading my own mail for the time being?
;)
Just when my neighbor's online affair was getting interesting.
______
Once: you're a philosopher. Twice: a pervert.
Homeland security, Homeland security, Homeland security... this is the rallying banter of many in Washington. While I hold a concern for this also, I worry that our RIGHTS (inalienable) are going to be sacrificed. Should we expect Senate hearing soon on banning heavy encryption? Of course the business lobby might acutely help us here.
No bad guy will ever be able to use the network anyway.
You have the choice of encryption policy you want to use and you're in control on how secure you want the network to be.
The overhead of encrypting the packet headers is avoided (granted, the card is supposed to do that transparently, but still I have seen significant slowdowns in lag and throughput when playing with WEP).
The only drawbacks I can think of with doing your own protocol-level encryption are :
Bad guys can still see your bastion host or VPN gateway in clear and have a go at it (DoS or otherwise), and script kiddies might want to have a try because they think it's in clear, while when they see WEP in place they might not even try.
You have to set up a VPN and the infrastructure that goes with it (duh) while you don't have to with WEP.
It's a little harder for Windows users to use your service, if you use PPTP, or it's impossible altogether if you use something Windows doesn't understand, or it's costly because you have to buy third-party Windows VPN software (I don't deal with Windows users, thank God, so problem solved for me).
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
There is no security without physical security. And barring protecting the feds from installing keyboard sniffers and other constitution violating passphrase snatcher and tempest EMI amplifier trojans, you need:
CHALLENGE RESPONSE.
Without two way challenge response there is no way to prove the "system" your WEP is seemingly connecting to is not really a NSA-NRO van parked in the street that acts as a go between in the chain.
a covert liason.
This crap by PKP-RSA is nothing but more foolhardy layers of swill that does not fundamentally prevent a 3rd party intercept.
It reeks of DoD funding to me, more so than all the proven NAI payoffs and moles.
Fast Packet Keying," a new technology based on the RC4® algorithm, is designed to help organizations securely fix the WEP encryption standard. This new WEP solution, developed by RSA Security, Hifn and other members of the 802.11 committee, is designed to generate a unique RC4 key for each data packet sent over the wireless LAN.
The fix to WEP was developed by a working group in which RSA was far from being the sole contributor. It is a bit off for RSA to try to claim the glory for the fix when a significant part of the WEP problem is due to a weakness in the keying scheme of RC4.
The presentation lists as 'key contributors' Jessie Walker of Intel, Bob Beach and Clint Chaplin from Symbol, Ron Brockman of Intersil Nancy Cam-Winget of Atheros Greg Chesson, Atheros Niels Ferguson, MacFergus BV Marty Lefkowitz, TI Bob O'Hara, Blackstorm Networks Dorothy Stanley, Agere Doug Smith, Cisco Albert Young, 3COM
So when RSA wants to get votes it has a dozen 'key contributors'. But when they want to take the credit there are two.
The original algorithm was botched, in part it is claimed (by an informed source) because the original IEEE working group left the crypto to an NSA advisor. Failing to understand the specific weakness of using a stream cipher in general and the specific weaknesses of the RC4 key scheme are the major reasons for the failure of the WEP design.
One could rightly blame the original working group for failing to read up on the litterature and avoid the known flaws of RC4, only RC4 was until recently a proprietary and secret algorithm of RSA. The key scheme flaws were only publicised after RC4 was reverse engineered without RSA approval, and resulted in considerable protest by RSA.
This type of publicity grab is not good for open standards development. It encourages people to release their proposals to the press rather than to the working group.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
....boosting the output of your engine so you can catch up to those 109's.
Hello Anonymous Coward,
We have have been reviewing our network usage policy contract within your account and have discovered a violation of your service. You have transmitted information across our networks with intention of slandering our hard-working staff and creditors. Mr/Mrs. Anonymous Cowheard, we find it unacceptible, calous, and most certainly ill-tempered to accuse Network Associates of utilizing "moles" and "payoffs" of individuals outside of Network Associates to steal your most trusted and secure data. Please take measures on your behalf to prevent such communication from moving across our networks and we will continue your service. You are on notice and your conspirator, pater@slashdot.org, has been notified equally. Thankyou for your time.
- Bob Istan
In reading the posted article and in reviewing some literature concerning WEP security here: CS at Berkeley I was wondering if anyone out there had insight on the nature of the modifications that have been made.
Please excuse my naivety in the field, but from the Berkeley article I gather that not only is the similarity of the packet keys a weakness of WEP (as RSA indicates), but also the use of a 24-bit space for the initialization vectors used to generate the RC4 packet keys.
Now, is the 24-bit space limitation what RSA means by, "similarity of the packet keys", or are they referring to the fact that most boards start the IV at 0 and simply increment for each packet (the end result being numerous IV collisions)?
The reason I wonder is because theoretically, at least, one could construct a table of all IV + key stream combinations in a decryption table (~15Gb according to Berkeley) and thereby gain himself the key to the city, so to speak. So, while limiting the number of IV collisions would certainly make decryption more difficult and certainly more time consuming, it wouldn't make WEP entirely secure. In the event that someone be so determined to monitor WLAN activity for enough time to construct such a table, could users of WEP be exposed?
Have yall seen or heard or read (i.e. Wired this month- sorry) Duwayne Hendrickson. This mad cat is a former ham radio geek who now sits on the FCC advisory board concerning wireless spectrum/FCC part 15 issues. And he is WLANning major Indian reservations and foreign countries; using every trick in his bag. My ignorance notwithstanding, does he care about WEP? Wasn't mentioned in the article.
My contention is this: Keep WEP as messy as swiss cheese. Let everyone have it right on Main St! More access is good access. Individuals with savvy will guard their own cookie jars.
Keep encryption development as open as it can be, rely on the 'market' to force the security issue. The NSA can probably break it anyway. That's why its released for consumers.
snarf liono.
Claatu, Verata, Nic---sig
That's cos' both zdnet and yahoo have had it aaaages ago.
erm, it's supposed to be "strengthen WEP security" not "strengthen WEB security". man, i just misspelled a three letter word.
They've improved WEP?
I've been wating for years for a better Windows Entertainment Pack! I hope they've improved tetris!
Too busy staying alive... ~ R.A.
My question is: Will all of us current wireless users have to buy new cards and access points, or will a firmware update do the job?
I really have to laugh when I hear about people trying to 'improve' WEP. My favorite is Cisco's method of changing the key about every 10 minutes.
The solution is to get rid of WEP all together (before someone REALLY breaks it!) and switch to something which works right. IPSec, SSH, SSL, PPTP all come to mind as protocols which could solve this problem, and never have to be upgraded. Now WEP is a cat and mouse game. Companies will continue to iimprovie it, and individuals will continue to find better ways to crack it. Personally, I'll just pass on an access point all together and get a Unix box with IPSec working as the router. Easy as 1, 2,3 and a hell of a lot more secure than any WEP solutions out there.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Wireless was never meant to be secure. It's a thing where convenience. Lazy Bones Jr. doesn't have to get his fat ass off the sofa to check out his porn sites. Which also means that his 12 year old neighbor with a few empty pringles cans can, with little effort, get Mr. Bones porn passwords. So now instead of it taking 10 minutes for little Johnny to figure out Bones' WEP key. Oh wait, Mr. Bones forgot to patch all his wireless stuff, and woops, Mr. Bones didn't even bother turning on WEP to begin with, so little Johnny is spanking away in no time. Wireless is not secure, WEP doesn't really help out in most cases. Wireless always has been, and always will be a convenience vs. security issue.
So 128-bit WEP plus a bit = 129-bit,
:P
Thats hardly much stronger
WEP might be usable again - once the vendors get their arses in gear.
I spent GBP30 extra on each 128bit WEP card over cheaper WEP cards. I was particulary annoyed to find out 10 weeks later that the encryption was worthless.
If FreeSWAN wasn't such a pain in the arse to compile and configure I'd be using that (I stopped relying on kernel patches after getting my fingers burnt over the international crypto patch - Just downloaded 2.4.16? - latest crypto patch is 2.4.3. Oh and it corrupts your data if you use non-relative block numbers), however now I've had to give up using my cards - I live in a flat, I can use a long piece of cat5.
What I'm waiting for, is for Intel to sort out the problem. I don't care if they don't interoperate with other Wifi cards, I just want a cryptographically secure implementation of IVs with RC4 damn you!
# init 5
Connection closed.
Oh...
I've been wating for years for a better Windows Entertainment Pack! I hope they've improved tetris!
Want an improved tetrisclone? Try Tetanus On Drugs. So improved it'll make your head spin.
Will I retire or break 10K?
- RC4 has been prooven to be vulnerable to a known plaintext attack (any revealed part will reveal any other part encrypted with the same key and using this info will bake it possible to extract more info about the keystream)
- RC4 have a subclass of weak keys. (Only for "even" keysizes like 32, 64, 128, not 40, 56)
- The Random number generator in RC4 have a statistical weakness making it crappy to use; but this can be overcome by generating N number of bytes (i.e. key dependent if one should wish).
Instead of trying to fill out the holes in this swiss cheese - Why not go with AES?
This is by no means a troll!