WEP Broken Even Worse

collin.m writes in with news of results out of Darmstadt. Erik Tews and others there have demonstrated how to recover a 104-bit WEP key in under a minute, requiring the capture of fewer than 10% the number of packets the previous best method called for. The paper is here (PDF). Quoting: "We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets... for 85,000 data packets [the success probability is] about 95%... 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz..."

Re:Can ARC4 be used properly at all?

[stinerman]

The problems with WEP have nothing to do with RC4. The problem is that the initialization vectors end up being reused because they are only 24 bits. Reusing IVs is a major no-no when dealing with a stream cipher. And to compound that, the implementation allows for a 50% chance to use the same IV after only 5000 packets. (see wikipedia)

RC4 is still just as secure as it was before these WEP attacks.

Corporate Greed

[Lead+Butthead]

My understanding is that it should be easy enough to implement WPA on older (.11a/b) hardware, but companies much rather sell end user new hardware (.11g etc.) than spending development time to upgrade old hardware (that does not generate additional revenue.) This is evident in that Apple's old AirPort (.11b) does support WPA but other venders' (that would include YOU, Linksys) old .11a/b products do not.