Slashdot Mirror
WEP Gets A Bit Stronger
gmr2048 writes: "CNN is reporting that RSA has helped develop "Fast Packet Keying" to strengthen WEP security. More info can be found at the RSA page. Damn, and I'm still working on my Pringles can antenna."
← Back to Stories (view on slashdot.org)
They still use the RC4 algorithm, but now they claim to be implementing it right. Might actually keep the bad folk out if they can get the patches out to everybody.
literally just finished reading the cnet version of this story, which included a statement like the following:
"... does not address any new holes that might crop up"
can I be the first to tell cnet "DUH!"
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Speaking of pringles cans, we just built a ton of them at the last seattlewireless meeting. We're seeing a 10 to 13db gain from a $5-10 antenna.
M eetingPictures2001
You can see pictures here:
http://www.seattlewireless.net/index.cgi/December
From http://www.rsasecurity.com/rsalabs/index.html:
Why is WEP Broken? ... While the WEP standard had specified using
different keys for different data packets, the key derivation function (how to derive
a key from a common starting point) was flawed.
The weakness in WEP stems back to a key derivation problem in the standard.
To all you undergrads doing math exams this week: yes, you really do have to know how to do this in the real world!
Toronto-area transit rider? Rate your ride.
This means I have to go back to just reading my own mail for the time being?
;)
Just when my neighbor's online affair was getting interesting.
______
Once: you're a philosopher. Twice: a pervert.
No bad guy will ever be able to use the network anyway.
You have the choice of encryption policy you want to use and you're in control on how secure you want the network to be.
The overhead of encrypting the packet headers is avoided (granted, the card is supposed to do that transparently, but still I have seen significant slowdowns in lag and throughput when playing with WEP).
The only drawbacks I can think of with doing your own protocol-level encryption are :
Bad guys can still see your bastion host or VPN gateway in clear and have a go at it (DoS or otherwise), and script kiddies might want to have a try because they think it's in clear, while when they see WEP in place they might not even try.
You have to set up a VPN and the infrastructure that goes with it (duh) while you don't have to with WEP.
It's a little harder for Windows users to use your service, if you use PPTP, or it's impossible altogether if you use something Windows doesn't understand, or it's costly because you have to buy third-party Windows VPN software (I don't deal with Windows users, thank God, so problem solved for me).
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Fast Packet Keying," a new technology based on the RC4® algorithm, is designed to help organizations securely fix the WEP encryption standard. This new WEP solution, developed by RSA Security, Hifn and other members of the 802.11 committee, is designed to generate a unique RC4 key for each data packet sent over the wireless LAN.
The fix to WEP was developed by a working group in which RSA was far from being the sole contributor. It is a bit off for RSA to try to claim the glory for the fix when a significant part of the WEP problem is due to a weakness in the keying scheme of RC4.
The presentation lists as 'key contributors' Jessie Walker of Intel, Bob Beach and Clint Chaplin from Symbol, Ron Brockman of Intersil Nancy Cam-Winget of Atheros Greg Chesson, Atheros Niels Ferguson, MacFergus BV Marty Lefkowitz, TI Bob O'Hara, Blackstorm Networks Dorothy Stanley, Agere Doug Smith, Cisco Albert Young, 3COM
So when RSA wants to get votes it has a dozen 'key contributors'. But when they want to take the credit there are two.
The original algorithm was botched, in part it is claimed (by an informed source) because the original IEEE working group left the crypto to an NSA advisor. Failing to understand the specific weakness of using a stream cipher in general and the specific weaknesses of the RC4 key scheme are the major reasons for the failure of the WEP design.
One could rightly blame the original working group for failing to read up on the litterature and avoid the known flaws of RC4, only RC4 was until recently a proprietary and secret algorithm of RSA. The key scheme flaws were only publicised after RC4 was reverse engineered without RSA approval, and resulted in considerable protest by RSA.
This type of publicity grab is not good for open standards development. It encourages people to release their proposals to the press rather than to the working group.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
In reading the posted article and in reviewing some literature concerning WEP security here: CS at Berkeley I was wondering if anyone out there had insight on the nature of the modifications that have been made.
Please excuse my naivety in the field, but from the Berkeley article I gather that not only is the similarity of the packet keys a weakness of WEP (as RSA indicates), but also the use of a 24-bit space for the initialization vectors used to generate the RC4 packet keys.
Now, is the 24-bit space limitation what RSA means by, "similarity of the packet keys", or are they referring to the fact that most boards start the IV at 0 and simply increment for each packet (the end result being numerous IV collisions)?
The reason I wonder is because theoretically, at least, one could construct a table of all IV + key stream combinations in a decryption table (~15Gb according to Berkeley) and thereby gain himself the key to the city, so to speak. So, while limiting the number of IV collisions would certainly make decryption more difficult and certainly more time consuming, it wouldn't make WEP entirely secure. In the event that someone be so determined to monitor WLAN activity for enough time to construct such a table, could users of WEP be exposed?
I really have to laugh when I hear about people trying to 'improve' WEP. My favorite is Cisco's method of changing the key about every 10 minutes.
The solution is to get rid of WEP all together (before someone REALLY breaks it!) and switch to something which works right. IPSec, SSH, SSL, PPTP all come to mind as protocols which could solve this problem, and never have to be upgraded. Now WEP is a cat and mouse game. Companies will continue to iimprovie it, and individuals will continue to find better ways to crack it. Personally, I'll just pass on an access point all together and get a Unix box with IPSec working as the router. Easy as 1, 2,3 and a hell of a lot more secure than any WEP solutions out there.
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant