Wireless PCMCIA cards

Bob Keyes bob at sinister.com
Fri Feb 22 01:42:32 EST 2002


On 22 Feb 2002, Derek Atkins wrote:

> Bob Keyes <bob at sinister.com> writes:
>
> > A few words on WEP:
> >
> > YES, it has been broken. However, I still think it provides a modicum of
> > security that makes it worth having. The trick is not to be lulled into a
>
> Ok, I'll bite.  What "modicum of security" do you believe a broken
> WEP provides?
>
> -derek
>
> --
>        Derek Atkins
>        Computer and Internet Security Consultant
>        derek at ihtfp.com             www.ihtfp.com

Cracking WEP requires a large sample of packets encrypted with the same
WEP key. Of the 16.7 million possible keys, approximately 3000 are
considered cryptographically 'weak' (for 128 bit WEP). An attacker
needs about 2000 of these types of packets (often termed 'interesting') to
crack the WEP key. I saw a figure that an average APs usage level would
generate enough interesting packets, statistically, after at the most 16
days. However this may not be a great statistic, as one of the original
texts on the WEP problems
(http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html) shows that a very
busy network could generate enough interesting packets in 5 hours.

Airsnort and WEPCrack supposedly can crack WEP within 1 second after
capturing as little as 100 MB of data. However, in real life the amount of
data required seems to be considerably more, closer to the 1 GB
theoretical maximum than the optimal 100 MB. Typically, this is 700 MB or
so.

In any case, the amount of time and resources required for the attacker
to 'crack' WEP is enough to make it worth using, if you don't count the
support overhead in an IT organization due to the setting and periodic
changing of WEP keys.

The question you have to ask yourself is whether the extra protection
afforded by 128 bit WEP over 40 bit WEP is worth the extra money. A paper
by Fluhrer, Mantin, and Shamir "Weakness in the Key Scheduling Algorithm
of RC4", because the difficulty in cracking the higher level of crypto is
linear, not exponential as was originally thought.

The Prism2 based cards (Linksys,Zoom,SMC, etc) all have 128 bit WEP.
However I have heard that throughput with some of these prism2 devices
drops considerably when WEP is used. The higher performance cards such as
the Orinoco/Avaya and Cisco/Aironet have 128 bit WEP available only on
the premium model cards, but I have no knowledge of performance
degradation with WEP on these.

All of this information is available on the net. I have simply summarized
it here for the education of the lazy.

-bob




More information about the Discuss mailing list