Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Fast Packet Keying" Improvements to WEP

Posted by michael on from the what-me-worry dept.

Weedstock writes: "BBC Tech News has an article about the latest development in wireless networking security. It seems that RSA Security has improved the encryption system used by the protocol. Will this new update finally make wireless networking secure? You can also find a list of papers about wireless security issues here." RSA has a press release about their changes to WEP being accepted by the 802.11 committee.

4 of 88 comments (clear)

  1. Been said many times, but.. by infiniti99 · · Score: 2, Informative

    Just use a form of VPN to get your security over a wireless network. Remember, ethernet isn't secure either.

    It is probably better to use your own encryption tools anyway, since built-in schemes will likely be obsoleted eventually.

  2. IPSec *yawn* by Anonymous Coward · · Score: 1, Informative

    IPSec solves this problem. And the much more common of someone plugging into a wire or hub between point A and point B. And the man-in-the-middle problem, for some networks. For some reason people seem to think it'l only work with IPv6 but it works fine with IPv4. You don't need to pay extra for a card that supports >40 bit encryption, either. All you need is an OS that supports it. Even Microsoft supports IPSec these days. Why are people still worrying about 802.11-level encryption when true end-to-end encryption is better and cheaper?

  3. not that secure by xtp · · Score: 5, Informative

    The press releases are designed to soothe security-minded corporate customers and disguise the remaining technical issues with WEP, such as
    1. the key-mixing technique was diluted in strength so that the overhead of firmware upgrades would be acceptable. The "improved" technique has been changed a few times as weaknesses were discovered. It is quite possible that the new WEP can be cracked as thoroughly as the original.
    2. the key-mixing technique requires that a new temporal key be set up every 16K packets - a sign of weakness. The 802.1X procedures for setting up the temporal keys have not been finalized and contain weaknesses.
    3. it is debateable whether the 802.1X temporal key procedures, once finalized, will be practical at higher PHY rates of 802.11g or 802.11a since the rate of temporal key updates must be greater than the lower rates needed for 11b.

    It is more foolproof to rely on IPSEC as other posters observe. The argument against IPSEC and for wireless link crypto is based on the perceived overhead of forcing everything on an internal enterprise network to run IPSEC so that the wireless subnet can be secure. For SOHO setups this should not be an issue.

  4. Re:Credit where credit is due? by Anonymous Coward · · Score: 1, Informative

    The web page at RSA security lists someone from RSA Labs as being a co-author for the IEEE paper, wasn't the same name as the marketing droid.

    See http://www.rsasecurity.com/rsalabs/technotes/wep-f ix.html