WEP Gets A Bit Stronger
gmr2048 writes: "CNN is reporting that RSA has helped develop "Fast Packet Keying" to strengthen WEP security. More info can be found at the RSA page. Damn, and I'm still working on my Pringles can antenna."
They still use the RC4 algorithm, but now they claim to be implementing it right. Might actually keep the bad folk out if they can get the patches out to everybody.
Speaking of Pringles cans, we just built a ton of them at the last seattlewireless meeting. We're seeing a 10 to 13dB gain from a $5-10 antenna.
You can see pictures here:
http://www.seattlewireless.net/index.cgi/DecemberMeetingPictures2001
From http://www.rsasecurity.com/rsalabs/index.html:
Why is WEP Broken? ... While the WEP standard had specified using different keys for different data packets, the key derivation function (how to derive a key from a common starting point) was flawed.
The weakness in WEP stems back to a key derivation problem in the standard.
To all you undergrads doing math exams this week: yes, you really do have to know how to do this in the real world!
Toronto-area transit rider? Rate your ride.
Now they just need to improve things to the point that they can boldly advertise wireless security to the consumer public without having fear of getting burned. You've perhaps wondered why we've never heard any w-commerce commercials touting the security of wireless banking transactions? That's because they aren't, at least not yet. Heck, they still have trouble with the plain-ol' landlocked net.
No bad guy will ever be able to use the network anyway.
You have the choice of encryption policy you want to use and you're in control on how secure you want the network to be.
The overhead of encrypting the packet headers is avoided (granted, the card is supposed to do that transparently, but still I have seen significant slowdowns in lag and throughput when playing with WEP).
The only drawbacks I can think of with doing your own protocol-level encryption are:
Bad guys can still see your bastion host or VPN gateway in clear and have a go at it (DoS or otherwise), and script kiddies might want to have a try because they think it's in clear, while when they see WEP in place they might not even try.
You have to set up a VPN and the infrastructure that goes with it (duh) while you don't have to with WEP.
It's a little harder for Windows users to use your service, if you use PPTP, or it's impossible altogether if you use something Windows doesn't understand, or it's costly because you have to buy third-party Windows VPN software (I don't deal with Windows users, thank God, so problem solved for me).
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
In reading the posted article and in reviewing some literature concerning WEP security here: CS at Berkeley, I was wondering if anyone out there had insight on the nature of the modifications that have been made.
Please excuse my naivety in the field, but from the Berkeley article I gather that not only is the similarity of the packet keys a weakness of WEP (as RSA indicates), but also the use of a 24-bit space for the initialization vectors used to generate the RC4 packet keys.
Now, is the 24-bit space limitation what RSA means by, "similarity of the packet keys", or are they referring to the fact that most boards start the IV at 0 and simply increment for each packet (the end result being numerous IV collisions)?
The reason I wonder is because theoretically, at least, one could construct a table of all IV + key stream combinations in a decryption table (~15Gb according to Berkeley) and thereby gain himself the key to the city, so to speak. So, while limiting the number of IV collisions would certainly make decryption more difficult and certainly more time consuming, it wouldn't make WEP entirely secure. In the event that someone be so determined to monitor WLAN activity for enough time to construct such a table, could users of WEP be exposed?
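For the question above about the 24-bit IV space, an added example (not part of the thread or of RSA's material) of why a repeated IV matters when the per-packet RC4 key is simply IV || shared secret. The secret, IV, payloads, packet rate and frame length are constructed assumptions, and WEP's CRC-32 integrity value is left out for brevity.

```python
# Added illustration: WEP-style per-packet keying (RC4 key = 24-bit IV || secret).
# All keys, IVs and payloads below are constructed sample values.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key scheduling (KSA) followed by n bytes of output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_style_encrypt(iv: bytes, secret: bytes, payload: bytes) -> bytes:
    """Per-packet key is IV || secret; the IV travels in clear with the frame."""
    assert len(iv) == 3
    return xor(payload, rc4_keystream(iv + secret, len(payload)))

def seconds_to_wrap_iv_space(packets_per_second: float) -> float:
    """Time for a counter-style 24-bit IV to repeat under one shared secret."""
    return 2**24 / packets_per_second

def keystream_table_bytes(frame_len: int) -> int:
    """Storage for one keystream of frame_len bytes per possible IV."""
    return 2**24 * frame_len

SECRET = bytes.fromhex("0102030405")   # constructed 40-bit shared secret
IV = bytes.fromhex("000001")           # constructed IV, reused for both frames
P1 = b"GET /index.html HTTP/1.0"       # constructed payload
P2 = b"constructed sample frame"       # constructed payload, same length
C1 = wep_style_encrypt(IV, SECRET, P1)
C2 = wep_style_encrypt(IV, SECRET, P2)

if __name__ == "__main__":
    # Same IV + same secret = same keystream, so the keystream cancels out.
    print("C1 xor C2 == P1 xor P2:", xor(C1, C2) == xor(P1, P2))
    print("IV wrap at 1000 pkt/s: %.1f h" % (seconds_to_wrap_iv_space(1000) / 3600))
    print("Table, 1500-byte frames: %.1f GB" % (keystream_table_bytes(1500) / 1e9))
```

The table size scales linearly with the assumed frame length, so a different length gives a different figure.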
Have y'all seen or heard or read (i.e. Wired this month - sorry) Duwayne Hendrickson? This mad cat is a former ham radio geek who now sits on the FCC advisory board concerning wireless spectrum/FCC part 15 issues. And he is WLANning major Indian reservations and foreign countries, using every trick in his bag. My ignorance notwithstanding, does he care about WEP? Wasn't mentioned in the article.
My contention is this: Keep WEP as messy as Swiss cheese. Let everyone have it right on Main St! More access is good access. Individuals with savvy will guard their own cookie jars.
Keep encryption development as open as it can be, rely on the 'market' to force the security issue. The NSA can probably break it anyway. That's why it's released for consumers.
snarf liono.
Claatu, Verata, Nic---sig