Slashdot Mirror


WEP Gets A Bit Stronger

gmr2048 writes: "CNN is reporting that RSA has helped develop "Fast Packet Keying" to strengthen WEP security. More info can be found at the RSA page. Damn, and I'm still working on my Pringles can antenna."

5 of 84 comments

  1. Re:But . . . by 4mn0t1337 · · Score: 2, Insightful
    If the feds want your mail, I doubt they are going to set up an agent with a laptop outside your house 24/7 just to capture your data stream.


    All they need to do is go straight to your ISP, set up a box, capture all your traffic, and anyone else's at the same time.

    Much easier than leaving the "Flowers By Irene" truck outside your house around the clock...

    --

    ______
    Once: you're a philosopher. Twice: a pervert.

  2. It's pretty ridiculous by evilviper · · Score: 4, Insightful

    I really have to laugh when I hear about people trying to 'improve' WEP. My favorite is Cisco's method of changing the key about every 10 minutes.

    The solution is to get rid of WEP altogether (before someone REALLY breaks it!) and switch to something which works right. IPSec, SSH, SSL, PPTP all come to mind as protocols which could solve this problem, and never have to be upgraded. Now WEP is a cat and mouse game. Companies will continue to improve it, and individuals will continue to find better ways to crack it. Personally, I'll just pass on an access point altogether and get a Unix box with IPSec working as the router. Easy as 1, 2, 3 and a hell of a lot more secure than any WEP solutions out there.

    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    1. Re:It's pretty ridiculous by kurowski · · Score: 2, Insightful
      IPSec, SSH, SSL, PPTP all come to mind as protocols which could solve this problem, and never have to be upgraded.

      so, i suppose you're still using SSLv2 and SSH1? no? why not? perhaps because of the security flaws found in each of them?

    2. Re:It's pretty ridiculous by kurowski · · Score: 2, Insightful

      It's interesting that you refer to WEP as being a "cat and mouse" game but don't want to admit that SSH1 was largely the same thing, as summed up in http://www.openssh.com/goals.html

      just why do you think we have ssh1 (1.3) and ssh1 (1.5) and, for that matter, ssh2? regardless of implementation details (and for that matter, nobody's perfect) the ssh1 protocol had problems.

      Re SSLv2: ciphersuite rollback attack is bad news. read the background section of http://www.counterpane.com/ssl.html

      point being, sure WEP may have flaws, but then again, flaws have also been discovered in those other great "never need to upgrade" protocols you mention.

  3. Why do they insist on RC4? by Anonymous Coward · · Score: 1, Insightful

    - RC4 has been proven to be vulnerable to a known plaintext attack (any revealed part will reveal any other part encrypted with the same key and using this info will make it possible to extract more info about the keystream)

    - RC4 has a subclass of weak keys. (Only for "even" keysizes like 32, 64, 128, not 40, 56)

    - The random number generator in RC4 has a statistical weakness making it crappy to use; but this can be overcome by generating N number of bytes (i.e. key dependent if one should wish).

    Instead of trying to fill out the holes in this swiss cheese - Why not go with AES?
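
Added example, not part of any comment above and not RSA's Fast Packet Keying algorithm: a Python demonstration of the keystream-reuse point in the last comment, showing that discarding leading keystream bytes does not remove it while a distinct key per packet does. The key, both packets and the SHA-256-based `per_packet_key` helper are constructed for illustration.

```python
import hashlib

def rc4_keystream(key, length, drop=0):
    """Plain RC4; `drop` discards that many leading keystream bytes."""
    s, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(drop + length):             # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out[drop:])

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, plaintext, drop=0):
    return xor(plaintext, rc4_keystream(key, len(plaintext), drop))

def per_packet_key(base_key, counter):
    # Hypothetical stand-in for a per-packet key mix; NOT RSA's algorithm.
    return hashlib.sha256(base_key + counter.to_bytes(4, "big")).digest()[:16]

def recover(c_known, p_known, c_target):
    # c_known XOR p_known is the keystream, if both packets shared it.
    return xor(c_target, xor(c_known, p_known))

BASE_KEY = b"constructed-key!"          # constructed sample values
P_KNOWN = b"GET /index.html HTTP/1.0"
P_SECRET = b"password=correct-horse!!"

def same_key(drop=0):
    c1, c2 = encrypt(BASE_KEY, P_KNOWN, drop), encrypt(BASE_KEY, P_SECRET, drop)
    return recover(c1, P_KNOWN, c2)

def distinct_keys():
    c1 = encrypt(per_packet_key(BASE_KEY, 1), P_KNOWN)
    c2 = encrypt(per_packet_key(BASE_KEY, 2), P_SECRET)
    return recover(c1, P_KNOWN, c2)

if __name__ == "__main__":
    print("same key:          ", same_key())
    print("same key, drop 256:", same_key(drop=256))
    print("per-packet keys:   ", distinct_keys())
```
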