Slashdot Mirror
WEP Gets A Bit Stronger
gmr2048 writes: "CNN is reporting that RSA has helped develop "Fast Packet Keying" to strengthen WEP security. More info can be found at the RSA page. Damn, and I'm still working on my Pringles can antenna."
← Back to Stories (view on slashdot.org)
They still use the RC4 algorithm, but now they claim to be implementing it right. Might actually keep the bad folk out if they can get the patches out to everybody.
literally just finished reading the cnet version of this story, which included a statement like the following:
"... does not address any new holes that might crop up"
can I be the first to tell cnet "DUH!"
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Speaking of pringles cans, we just built a ton of them at the last seattlewireless meeting. We're seeing a 10 to 13db gain from a $5-10 antenna.
M eetingPictures2001
You can see pictures here:
http://www.seattlewireless.net/index.cgi/December
From http://www.rsasecurity.com/rsalabs/index.html:
Why is WEP Broken? ... While the WEP standard had specified using
different keys for different data packets, the key derivation function (how to derive
a key from a common starting point) was flawed.
The weakness in WEP stems back to a key derivation problem in the standard.
To all you undergrads doing math exams this week: yes, you really do have to know how to do this in the real world!
Toronto-area transit rider? Rate your ride.
Now they just need to improve things to the point that they can boldly advertise wireless security to the consumer public without having fear of getting burned. You've perhaps wondered why we've never heard any w-commerce commercials touting the security of wireless banking transactions? That's because they aren't, at least not yet. Heck, they still have trouble with the plain-ol' landlocked net.
This means I have to go back to just reading my own mail for the time being?
;)
Just when my neighbor's online affair was getting interesting.
______
Once: you're a philosopher. Twice: a pervert.
No bad guy will ever be able to use the network anyway.
You have the choice of encryption policy you want to use and you're in control on how secure you want the network to be.
The overhead of encrypting the packet headers is avoided (granted, the card is supposed to do that transparently, but still I have seen significant slowdowns in lag and throughput when playing with WEP).
The only drawbacks I can think of with doing your own protocol-level encryption are :
Bad guys can still see your bastion host or VPN gateway in clear and have a go at it (DoS or otherwise), and script kiddies might want to have a try because they think it's in clear, while when they see WEP in place they might not even try.
You have to set up a VPN and the infrastructure that goes with it (duh) while you don't have to with WEP.
It's a little harder for Windows users to use your service, if you use PPTP, or it's impossible altogether if you use something Windows doesn't understand, or it's costly because you have to buy third-party Windows VPN software (I don't deal with Windows users, thank God, so problem solved for me).
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
All they need to do is go straight to your ISP, setup a box, capture all your traffic, and anyone else's at the same time.
Much easier that leaving the "Flowers By Irene" truck outside your house around the clock...
______
Once: you're a philosopher. Twice: a pervert.
Fast Packet Keying," a new technology based on the RC4® algorithm, is designed to help organizations securely fix the WEP encryption standard. This new WEP solution, developed by RSA Security, Hifn and other members of the 802.11 committee, is designed to generate a unique RC4 key for each data packet sent over the wireless LAN.
The fix to WEP was developed by a working group in which RSA was far from being the sole contributor. It is a bit off for RSA to try to claim the glory for the fix when a significant part of the WEP problem is due to a weakness in the keying scheme of RC4.
The presentation lists as 'key contributors' Jessie Walker of Intel, Bob Beach and Clint Chaplin from Symbol, Ron Brockman of Intersil Nancy Cam-Winget of Atheros Greg Chesson, Atheros Niels Ferguson, MacFergus BV Marty Lefkowitz, TI Bob O'Hara, Blackstorm Networks Dorothy Stanley, Agere Doug Smith, Cisco Albert Young, 3COM
So when RSA wants to get votes it has a dozen 'key contributors'. But when they want to take the credit there are two.
The original algorithm was botched, in part it is claimed (by an informed source) because the original IEEE working group left the crypto to an NSA advisor. Failing to understand the specific weakness of using a stream cipher in general and the specific weaknesses of the RC4 key scheme are the major reasons for the failure of the WEP design.
One could rightly blame the original working group for failing to read up on the litterature and avoid the known flaws of RC4, only RC4 was until recently a proprietary and secret algorithm of RSA. The key scheme flaws were only publicised after RC4 was reverse engineered without RSA approval, and resulted in considerable protest by RSA.
This type of publicity grab is not good for open standards development. It encourages people to release their proposals to the press rather than to the working group.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Hello Anonymous Coward,
We have have been reviewing our network usage policy contract within your account and have discovered a violation of your service. You have transmitted information across our networks with intention of slandering our hard-working staff and creditors. Mr/Mrs. Anonymous Cowheard, we find it unacceptible, calous, and most certainly ill-tempered to accuse Network Associates of utilizing "moles" and "payoffs" of individuals outside of Network Associates to steal your most trusted and secure data. Please take measures on your behalf to prevent such communication from moving across our networks and we will continue your service. You are on notice and your conspirator, pater@slashdot.org, has been notified equally. Thankyou for your time.
- Bob Istan
In reading the posted article and in reviewing some literature concerning WEP security here: CS at Berkeley I was wondering if anyone out there had insight on the nature of the modifications that have been made.
Please excuse my naivety in the field, but from the Berkeley article I gather that not only is the similarity of the packet keys a weakness of WEP (as RSA indicates), but also the use of a 24-bit space for the initialization vectors used to generate the RC4 packet keys.
Now, is the 24-bit space limitation what RSA means by, "similarity of the packet keys", or are they referring to the fact that most boards start the IV at 0 and simply increment for each packet (the end result being numerous IV collisions)?
The reason I wonder is because theoretically, at least, one could construct a table of all IV + key stream combinations in a decryption table (~15Gb according to Berkeley) and thereby gain himself the key to the city, so to speak. So, while limiting the number of IV collisions would certainly make decryption more difficult and certainly more time consuming, it wouldn't make WEP entirely secure. In the event that someone be so determined to monitor WLAN activity for enough time to construct such a table, could users of WEP be exposed?
Have yall seen or heard or read (i.e. Wired this month- sorry) Duwayne Hendrickson. This mad cat is a former ham radio geek who now sits on the FCC advisory board concerning wireless spectrum/FCC part 15 issues. And he is WLANning major Indian reservations and foreign countries; using every trick in his bag. My ignorance notwithstanding, does he care about WEP? Wasn't mentioned in the article.
My contention is this: Keep WEP as messy as swiss cheese. Let everyone have it right on Main St! More access is good access. Individuals with savvy will guard their own cookie jars.
Keep encryption development as open as it can be, rely on the 'market' to force the security issue. The NSA can probably break it anyway. That's why its released for consumers.
snarf liono.
Claatu, Verata, Nic---sig
portions of encryption technologies are already implemented in the Intel Pro100 network cards.
i dont know how hard it would be to offload portions of IPSec to the network card. i know that freebsd can do checksum offloading if the network card supports it.
They've improved WEP?
I've been wating for years for a better Windows Entertainment Pack! I hope they've improved tetris!
Too busy staying alive... ~ R.A.
I really have to laugh when I hear about people trying to 'improve' WEP. My favorite is Cisco's method of changing the key about every 10 minutes.
The solution is to get rid of WEP all together (before someone REALLY breaks it!) and switch to something which works right. IPSec, SSH, SSL, PPTP all come to mind as protocols which could solve this problem, and never have to be upgraded. Now WEP is a cat and mouse game. Companies will continue to iimprovie it, and individuals will continue to find better ways to crack it. Personally, I'll just pass on an access point all together and get a Unix box with IPSec working as the router. Easy as 1, 2,3 and a hell of a lot more secure than any WEP solutions out there.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
FreeS/WAN can now be compiled as a module, and is therefore more likely to be resiliant across kernel versions.
Unfortunately there is little or no chance of getting any real encryption into the kernel, due to various laws etc.
Yes, FreeS/WAN is a pain. Quite quite braindamaged/damaging in places. Maybe OpenBSD's IPSEC implementation is better; I'm waiting for a new machine to test it on.
-Yarn - Rio Karma: Excellent