Slashdot Mirror


WEP Broken Even Worse

collin.m writes in with news of results out of Darmstadt. Erik Tews and others there have demonstrated how to recover a 104-bit WEP key in under a minute, requiring the capture of fewer than 10% the number of packets the previous best method called for. The paper is here (PDF). Quoting: "We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets... for 85,000 data packets [the success probability is] about 95%... 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz..."

28 of 393 comments

  1. Can ARC4 be used properly at all? by Myria · · Score: 5, Interesting

    Can ARC4 be used securely at all? Or are WEP's failings its own fault?

    On a somewhat related note, I'm annoyed that wireless encryption was implemented in hardware. Nintendo DS's wireless is worthless to me since the encryption system can't be upgraded.

    --
    "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
    1. Re:Can ARC4 be used properly at all? by Lehk228 · · Score: 4, Insightful

      disable wireless security and implement real security, such as a RADIUS login. then set up a firewall rule to allow unauthenticated devices to access nintendo's servers

      --
      Snowden and Manning are heroes.
    2. Re:Can ARC4 be used properly at all? by drinkypoo · · Score: 4, Insightful

      disable wireless security and implement real security, such as a RADIUS login. then set up a firewall rule to allow unauthenticated devices to access nintendo's servers

      Login authentication does not prevent a man-in-the-middle attack of the break-in sort.

      You need end to end encryption, including encrypted login and certificate verification with secure exchange made pre-connection to provide security over a wireless link.

      Just another reason why if it's not a PDA or a tablet, you should be using a wire. You can get 100' or more of CAT5E for the price of a 802.11G access point, and an 8 port 10/100 FDX switch with port autonegotiation (auto-crossover, too) is about $20. Good jacks will run you $5 per end. Patch cables are a buck and longer cables are just a few bucks.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    3. Re:Can ARC4 be used properly at all? by stinerman · · Score: 5, Informative

      The problems with WEP have nothing to do with RC4. The problem is that the initialization vectors end up being reused because they are only 24 bits. Reusing IVs is a major no-no when dealing with a stream cipher. And to compound that, the implementation allows for a 50% chance to use the same IV after only 5000 packets. (see Wikipedia)

      RC4 is still just as secure as it was before these WEP attacks.

    4. Re:Can ARC4 be used properly at all? by qbwiz · · Score: 5, Funny

      Dragging 300' of cable throughout and around your house to use your laptop anywhere you want: priceless.

      --
      Ewige Blumenkraft.
    5. Re:Can ARC4 be used properly at all? by Belial6 · · Score: 5, Insightful

      I agree with you. That is why it really annoys me that in this day and age, builders are still not putting conduit in walls during construction. I understand a 20 year old house not having conduit in the walls. I can even understand a 10 year old house not having conduit, but any house built in the last 5 years should have conduit to every room. We already know that whatever is in the walls today will be inadequate in another 10 years.

    6. Re:Can ARC4 be used properly at all? by linuxmop · · Score: 4, Informative

      Wireless encryption is (often) implemented in hardware because encryption is expensive to perform. This is especially true on embedded platforms like the DS.

      However, you can apparently upgrade your DS to support WPA with a hacked firmware. It's not clear from the page, but I am fairly sure that it only supports TKIP encryption and not AES since, like WEP, TKIP uses RC4 so does not require a hardware upgrade. It does, however, solve the initialization vector problems of WEP that another poster mentioned; as far as I know, TKIP has not been broken.

      Moral? If you're still using WEP, update your drivers and firmware and you may be able to get TKIP WPA and get those pesky neighbors off of your connection.

    7. Re:Can ARC4 be used properly at all? by valkraider · · Score: 5, Insightful

      Unless you live in an apartment, this is not remotely true. Running your own wires is, well, trivial unless you are physically disabled in some significant way.

      Uhmm, methinks you have not actually done this much... Or at least not in many houses.

      Things like lath & plaster, plumbing, strange placement of studs, lack of crawlspaces, windows, carpet, laminates, tile, doors, fireplaces, and foundations - all sorts of stuff really makes it not, well, trivial.
    8. Re:Can ARC4 be used properly at all? by spun · · Score: 4, Funny

      Thank you! It's not as trivial as the GP makes it sound at all. I had a buddy who drilled through a wall and straight into the mains once. Yeah, that's it, a buddy of mine. Not me. Really, I'd never be that dumb.

      --
      - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    9. Re:Can ARC4 be used properly at all? by kakos · · Score: 5, Insightful

      Get a clue. The weakness in WEP has everything to do with a vulnerability in RC4 (specifically this one). The vulnerability is due to the fact that there is a weakness in RC4's key scheduling algorithm that allows an attacker to obtain the whole key from only a very few bits that just happen to be in the first 24-bits of the key. Since the IV does repeat, it is easy to obtain packets with the weak key bits. However, if WEP did not use RC4, that vulnerability wouldn't be there and you couldn't break WEP using that attack.

    10. Re:Can ARC4 be used properly at all? by rossz · · Score: 5, Insightful

      You've obviously never been married.

      --
      -- Will program for bandwidth
    11. Re:Can ARC4 be used properly at all? by dotgain · · Score: 4, Informative

      Ethernet max segment length is 100 metres, not feet.

    12. Re:Can ARC4 be used properly at all? by woolio · · Score: 4, Funny

      I had a buddy who drilled through a wall and straight into the mains once.

      Your use of past tense is all the more curious.

    13. Re:Can ARC4 be used properly at all? by Belial6 · · Score: 4, Insightful

      That is a perfect example of what I consider a bad builder. One that is putting in things that are designed to make people THINK they are getting quality, when they really are not. I could care less about Cat-5 and coax, if you just put in a conduit. That builder has already created a situation where the wiring is outdated. Gigabit wants Cat-6. If he had put in conduit, every one of his houses could be rewired by the homeowner with very little fuss. But since the builder didn't care if the house was maintainable, he just slapped in some wire, and printed that he did it as a bullet point on the sales sheet. Part of the problem though is that the buyers ooohhh and ahhhh about the Cat-5, and don't even think about what they are going to do in a few years.

    14. Re:Can ARC4 be used properly at all? by thealsir · · Score: 5, Insightful

      Common Slashdot Format(TM)

      1. Story posted about $SECURITY_PROTOCOL being broken on $BROKEN_DATE at $SEVERITY
      2. Comments ensue recommending ridiculously complex/impractical solutions (in typical slashdot lore) getting modded up
      3. Comments ensue about how ridiculous and complex those impractical solutions are, getting modded down/up on a 50/50 basis
      4. Actual common-to-do, easy to implement solutions, like the WPA2 in linksys routers, are not discussed or modded
      5. Extreme architecture biases/overall naivete about NO security implementation being completely secure is prevalent in a lot of comments
      6. Sometimes, people come in to right these fallacies in the free market way, by posting.

      Put short, wires are not a solution, no encryption protocol is flawless, the risks/rewards of wireless should be known and the technology should be used accordingly. But improvements in protocol and advancements in technology, especially relatively easy to implement ones, should be emphasized.

      --
      Do not downmod posts "overrated" simply because you disagree with them.
  2. Back in the courtroom by Nom+du+Keyboard · · Score: 5, Funny
    Your Honor, I was using WEP on my Linksys when the RIAA claimed their agents, Media Sentry, claimed that my IP address was involved in illegal filesharing. I was taking the best precautions my poor little 802.11b router can handle. Allow me to now introduce a paper here explaining how my system can be broken by the average desktop computer in less than a minute.

    Case Dismissed!

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  3. Re:Who even still uses WEP? by Knara · · Score: 4, Insightful

    No. Even a cursory glance at your laptop next time you are in a commercial parking lot will tell you that (or at an apartment complex).

  4. Re:Who even still uses WEP? by ukatoton · · Score: 5, Insightful

    2 words: Legacy Hardware. I have 2 computers in my house with cards that don't support WPA. If I were to set my router to run with WPA, then my sister would not be able to connect to the network. If I told her the security implications, she wouldn't understand nor care. Upgrading the network would mean me footing the bill for new wireless cards unless I can convince my dad that there is a real reason to upgrade to better security. However, this is unlikely.

  5. Re:Does this still depend on weak IVs? by tbo · · Score: 4, Informative

    For some reason I can't get the paper to load, but anyway, does this still depend on weak initialization vectors?

    According to the article, the attack does not require weak IVs. They haven't actually tested against WEPplus, but expect the attack to still work against it. In other words, WEP in all its forms is now nothing more than an electronic "No trespassing sign" and 3-foot fence.

  6. Re:What about 64 and 128 bit? by !ramirez · · Score: 4, Informative

    Because there's a 24-bit IV, or initialization vector, that is not strictly considered part of the keyspace.

  7. No problem for me by NotFamous · · Score: 5, Funny

    I use 56-bit WEP and I've never had.... ATTN: YOU HAVE WON THE IRISH LOTTERY PLEASE respons immediately to... ...so I don't see why it is a big deal?

    --
    Some settling may occur during posting.
  8. Today on duh news. by kinglink · · Score: 4, Funny

    WEP insecure! Coming up at 6PM Bill Gates still really really rich.

  9. Re:Who even still uses WEP? by drinkypoo · · Score: 4, Insightful

    So.. your answer is "people who don't upgrade." Not to sound discriminatory, but I'm pretty sure he wasn't including you in the question, much the way when I say "Who doesn't run a firewall?" I'm not including people who still use C64s. Talk to us again when all your hardware supports WPA, but you still use WEP anyway.

    Well, that was an incredibly arrogant response from someone who refuses to examine reality.

    How many environments are you familiar with in which everything is always upgraded all at the same time, in which all of the hardware works the first time, and in which you never become dependent on a legacy product for any length of time?

    Here in the really real world, we often have reasons to utilize legacy hardware. What if I've got one of those $1500 bar code scanner boxes and it doesn't support WPA and there's no upgrade to provide it? Am I going to spend $1600 for this year's model with two more buttons and WPA support? Or am I going to keep using this device as long as I think I can get away with it? What if I don't have budget to buy a replacement? What if it's not even my decision?

    Like I said, here in the real world, we often have to use suboptimal equipment. And I assure you that huge numbers of corporations, including those amongst the fortune whatever, are still using wifi gear with no WPA support on a daily basis.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  10. Corporate Greed by Lead+Butthead · · Score: 5, Informative

    My understanding is that it should be easy enough to implement WPA on older (.11a/b) hardware, but companies would much rather sell end users new hardware (.11g etc.) than spend development time to upgrade old hardware (that does not generate additional revenue.) This is evident in that Apple's old AirPort (.11b) does support WPA but other vendors' (that would include YOU, Linksys) old .11a/b products do not.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  11. Re:Nice try but... by wolrahnaes · · Score: 4, Informative

    WPA "cracks" are all just brute force, which you could also do with WEP and any other encryption algorithm. It just takes fucking forever (assuming the user chose a key that was more than just a dictionary word). These WEP attacks are actually flaws in the design of the system which allow you to crack a key many times faster than brute force.

    Rainbow tables, dictionaries, and the like are all just variations on brute force. They accelerate the process, but either way you're not actually breaking the encryption but instead using a crapload of processor power to try one key after another until you hit the right one.

    Saying WPA is insecure because there is a brute force tool for it is like saying a lock is insecure because I could go and start trying combinations. 1-1-1....1-1-2....1-1-3.........

    --
    I used to get high on life, but I developed a tolerance. Now I need something stronger.
  12. Re:Who even still uses WEP? by eclectro · · Score: 5, Funny

    unless I can convince my dad that there is a real reason to upgrade to better security.

    Is your sister cute? Does she have pictures of herself on her computer?

    --
    Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
  13. Re:Who even still uses WEP? by Technician · · Score: 4, Interesting

    No. Even a cursory glance at your laptop next time you are in a commercial parking lot will tell you that (or at an apartment complex).

    No. We use some pretty antique hardware (laptop with embedded 11b no WPA). We are fairly remote so the number of potential attackers is pretty slim. To discourage them, DHCP is turned on. The DHCP range is blocked from the gateway by access control. To get a leechable connection, you will need to spoof a MAC address, use a fixed IP address, and hope we are not online at the moment. A conflict will be noticed.

    We don't need a hack proof wireless. We just need to be more difficult than our neighbors.

    --
    The truth shall set you free!
  14. Broken Even Worse?! by Seumas · · Score: 5, Funny

    Slashdot editors suck at grammar. Obviously, the words they were looking for was supposed to be more brokener.