Slashdot Mirror


WEP Broken Even Worse

collin.m writes in with news of results out of Darmstadt. Erik Tews and others there have demonstrated how to recover a 104-bit WEP key in under a minute, requiring the capture of fewer than 10% of the number of packets the previous best method called for. The paper is here (PDF). Quoting: "We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets... for 85,000 data packets [the success probability is] about 95%... 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz..."

7 of 393 comments

  1. Can ARC4 be used properly at all? by Myria · · Score: 5, Interesting

    Can ARC4 be used securely at all? Or are WEP's failings its own fault?

    On a somewhat related note, I'm annoyed that wireless encryption was implemented in hardware. Nintendo DS's wireless is worthless to me since the encryption system can't be upgraded.

    --
    "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager

    1. Re:Can ARC4 be used properly at all? by Scoth · · Score: 3, Interesting

      My problem is I tend to be a wanderer. I might be surfing the web in my computer room, boot up the laptop and go sit on the couch for a while and surf while watching the news or something, then go into the bedroom and play a few webgames while my fiancee works on homework, then maybe go sit on the back deck in the evening and get a little extra work done. Short of really long cables, or lots of plugging/unplugging, going wired isn't really practical. Of course, I guess that's what WPA and other better wireless security setups are for, although ideally I'd set up my DD-WRT with the wireless on a different segment. I'll get to it sooner or later. I've mostly made do with frequently rotated and never repeated WEP keys, although that was going on the assumption of needing to capture tons of packets to crack it. This new thing throws that a bit out of whack...

  2. Does this still depend on weak IVs? by Zarhan · · Score: 3, Interesting

    For some reason I can't get the paper to load, but anyway, does this still depend on weak initialization vectors?

    I know that the original attack did depend on that, and most software and base stations have since been configured to avoid those weak IVs. I know that some stuff (like Nokia's base stations) is still weak against the original attack (at least when tested with Kismet); however, against Cisco Aironets and almost any newer hardware I haven't been able to see this weakness in action when trying out whether it really works...

    (Terabeam uses the term "WEPPlus" for this - see http://www.terabeam.com/solutions/whitepapers/wep-plus.php )

    Anyway, if this is just an extension of the original attack, then it still requires those weak IVs to exist.

    Or is it something completely new?

  3. What about 64 and 128 bit? by andy55 · · Score: 3, Interesting

    This may be a dumb question, but why does TFA only refer to 40 and 104 bit WEP when the more common variants seem to be 64 and 128 bits?
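
The thread above asks two things that one small model answers together: Zarhan's question about what role the IV plays, and andy55's question about 40/104 versus 64/128 bits. The following is an added example, not code from the thread, the Slashdot editors, or the Darmstadt paper. It implements plain RC4 (ARC4) and WEP's per-packet key construction, IV || secret, where the IV is 24 bits and sent in the clear; the "64-bit" and "128-bit" marketing figures are just the 40-bit and 104-bit secrets plus those 24 public IV bits. It also shows the defender-relevant consequence: an IV that repeats under the same secret reuses the RC4 keystream, so XORing the two ciphertexts yields the XOR of the plaintexts, and with a 24-bit IV space repeats are expected after tens of thousands of frames, which is why rotating the secret every so often does not restore the security WEP never had. The keys, IVs and plaintexts are constructed sample values; no key recovery is performed.

```python
# Added example (not from the Slashdot thread or the Darmstadt paper).
# Models WEP's per-packet RC4 key to show why 64/128-bit WEP means 40/104-bit
# secrets, and why IV reuse under one secret leaks plaintext relationships.

IV_BITS = 24  # WEP prepends a 24-bit initialization vector to the shared secret


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (ARC4): key-scheduling (KSA) then PRGA; returns `length` bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_packet_key(iv: bytes, secret: bytes) -> bytes:
    """WEP's per-packet RC4 key is IV || secret; the IV travels in the clear."""
    if len(iv) != IV_BITS // 8:
        raise ValueError("WEP IV must be 3 bytes")
    if len(secret) not in (5, 13):
        raise ValueError("WEP secret is 40 bits (5 bytes) or 104 bits (13 bytes)")
    return iv + secret


def nominal_key_bits(secret: bytes) -> int:
    """The advertised figure (64 or 128) is secret bits plus the 24 public IV bits."""
    return len(secret) * 8 + IV_BITS


def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = plaintext XOR RC4(IV || secret). (WEP's ICV/CRC-32 is omitted.)"""
    ks = rc4_keystream(wep_packet_key(iv, secret), len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def reused_iv_leak(secret: bytes, iv: bytes, p1: bytes, p2: bytes):
    """Two frames sent under the same IV and secret share a keystream,
    so C1 XOR C2 equals P1 XOR P2. Returns (C1^C2, P1^P2) for comparison."""
    c1 = wep_encrypt(iv, secret, p1)
    c2 = wep_encrypt(iv, secret, p2)
    ct_xor = bytes(a ^ b for a, b in zip(c1, c2))
    pt_xor = bytes(a ^ b for a, b in zip(p1, p2))
    return ct_xor, pt_xor


def expected_iv_collisions(packets: int, iv_bits: int = IV_BITS) -> float:
    """Expected number of colliding IV pairs among `packets` uniformly random
    IVs (birthday bound): n(n-1)/2 divided by 2^iv_bits."""
    return packets * (packets - 1) / 2 / (1 << iv_bits)


if __name__ == "__main__":
    # Constructed sample values; not real keys.
    secret40 = bytes([0x11, 0x22, 0x33, 0x44, 0x55])
    secret104 = bytes(range(13))
    iv = b"\x01\x02\x03"
    print("nominal bits:", nominal_key_bits(secret40), nominal_key_bits(secret104))
    ct_xor, pt_xor = reused_iv_leak(secret40, iv, b"hello world!", b"HELLO WORLD!")
    print("C1^C2 == P1^P2:", ct_xor == pt_xor)
    print("expected IV collisions in 40,000 frames: %.1f" % expected_iv_collisions(40_000))
```

Run it with `python3 wep_model.py`. The 40,000-frame figure from the summary already yields dozens of expected IV collisions under a single secret, independent of any weak-IV filtering the access point does, which is the structural problem the stronger attacks exploit and key rotation only delays.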

  4. 10 minutes, 1 minute... no big deal by geekinaseat · · Score: 3, Interesting

    This isn't really news. It's pretty smart that they have managed to crack WEP with so few IVs (it usually takes about 200,000 for 64-bit and just under a million for 128-bit), but in reality this doesn't change (or expose) WEP's inherent vulnerabilities at all. For example, I am currently doing my dissertation on wireless security, and in tests WEP64 on average can be cracked in about 3 minutes and WEP128 in about 10 minutes, so getting this down to a minute doesn't really change the fact that a hacker could capture enough packets simply by hanging around and drinking a coffee using the "old" tools.

    An interesting side note is that the amount of time a hacker needs to be near a target WLAN for WPA-PSK is measured in seconds, making it much more insecure if it has a weak passphrase than WEP is even now with crack times under a minute.

    Please, if you want a secure home wireless network, choose WPA-PSK and make the passphrase as long and as abstract as possible; nothing else is safe - and if you have the cash... buy a RADIUS server.

  5. Re:Who even still uses WEP? by Technician · · Score: 4, Interesting

    No. Even a cursory glance at your laptop next time you are in a commercial parking lot will tell you that (or at an apartment complex).

    No. We use some pretty antique hardware (laptop with embedded 11b, no WPA). We are fairly remote, so the number of potential attackers is pretty slim. To discourage them, DHCP is turned on. The DHCP range is blocked from the gateway by access control. To get a leechable connection, you will need to spoof a MAC address, use a fixed IP address, and hope we are not online at the moment. A conflict will be noticed.

    We don't need hack-proof wireless. We just need to be more difficult than our neighbors.

    --
    The truth shall set you free!

  6. Re:Who even still uses WEP? by nutshell42 · · Score: 3, Interesting

    Well, from a legal POV the plausible deniability an unsecured WLAN offers is quite tempting.

    As long as you secure your computers and data (and if you're not charged by the GB), it's really useful to be able to tell the judge that it was teH h4X0rZz when the RIAA rings at your door.

    --
    Don't think of it as a flame---it's more like an argument that does 3d6 fire damage