Forgot your password?
typodupeerror
Security Wireless Networking Hardware IT

WEP Broken Even Worse 393

Posted by kdawson
from the give-me-a-minute dept.
collin.m writes in with news of results out of Darmstadt. Erik Tews and others there have demonstrated how to recover a 104-bit WEP key in under a minute, requiring the capture of fewer than 10% the number of packets the previous best method called for. The paper is here (PDF). Quoting: "We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets... for 85,000 data packets [the success probability is] about 95%... 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz..."
This discussion has been archived. No new comments can be posted.

WEP Broken Even Worse

Comments Filter:
  • by Knara (9377) on Tuesday April 03, 2007 @05:54PM (#18595431)
    No. Even a cursory glance at your laptop next time you are in a commercial parking lot will tell you that (or at an apartment complex).
  • by Eugenia Loli (250395) on Tuesday April 03, 2007 @05:55PM (#18595455) Homepage Journal
    There ARE people out there who are FORCED to use WEP because they use it with older devices that don't support anything else. It would be very expensive replacing all these specific/mobile devices just so they can use a new encryption.
  • by ukatoton (999756) on Tuesday April 03, 2007 @05:57PM (#18595487)
    2 words: Legacy Hardware I have 2 computers in my house with cards that don't support WPA. If I were to set my router to run with WPA, then my sister would not be able to connect to the network. If i told her the security implications, she wouldn't understand nor care. Upgrading the network would mean me footing the bill for new wireless cards unless I can convince my dad that there is a real reason to upgrade to better security. However, this is unlikely.
  • by Lehk228 (705449) on Tuesday April 03, 2007 @06:03PM (#18595607) Journal
    disable wireless security and implement real security, such as a RADIUS login. then set up a firewall rule to allow unauthenticated devices to access nintendo's servers
  • by jrumney (197329) on Tuesday April 03, 2007 @06:04PM (#18595633) Homepage
    All my pieces of wifi equipment but one support WPA-PSK, but it only takes one piece of equipment to tie me to WEP.
  • by drinkypoo (153816) <martin.espinoza@gmail.com> on Tuesday April 03, 2007 @06:06PM (#18595657) Homepage Journal

    disable wireless security and implement real security, such as a RADIUS login. then set up a firewall rule to allow unauthenticated devices to access nintendo's servers

    Login authentication does not prevent a man in the middle attack of the breakin sort.

    You need end to end encryption, including encrypted login and certificate verification with secure exchange made pre-connection to provide security over a wireless link.

    Just another reason why if it's not a PDA or a tablet, you should be using a wire. You can get 100' or more of CAT5E for the price of a 802.11G access point, and an 8 port 10/100 FDX switch with port autonegotiation (auto-crossover, too) is about $20. Good jacks will run you $5 per end. Patch cables are a buck and longer cables are just a few bucks.

  • by TheGratefulNet (143330) on Tuesday April 03, 2007 @06:07PM (#18595683)
    its modded as funny BUT its a VERY valid defense, I would think (ianal).

    there is significant doubt as to who the user of a wireless lan really is.

    in fact, it now makes sense to DOWNGRADE wireless AP's due to this...

    (and then just run ssh on top of it, for sessions that truly need privacy).
  • by zippthorne (748122) on Tuesday April 03, 2007 @06:16PM (#18595821) Journal
    It's not the wire that's expensive, it's the holes. In fact, those aren't even the expensive bit. It's the properly out-of-the way and invisible that's expensive.
  • by zippthorne (748122) on Tuesday April 03, 2007 @06:20PM (#18595867) Journal
    It's faster than his Internet connection, which apparently is a cable modem. No need to go significantly faster than the main bottleneck. Especially if the LAN is mostly used to share the WAN anyway.
  • by Belial6 (794905) on Tuesday April 03, 2007 @06:20PM (#18595893)
    I agree with you. That is why I really annoys me that in this day and age, builders are still not putting conduit in walls during construction. I understand a 20 year old house not having conduit in the walls. I can even understand a 10 year old house not having conduit, but any house built in the last 5 years should have conduit to every room. We already know that whatever is in the walls today will be inadequate in another 10 years.
  • by Gothmolly (148874) on Tuesday April 03, 2007 @06:25PM (#18595985)
    Wireless is NOT cheaper than cable. A wireless card for my PC was $29. To run wire, crimp the ends, drill through the floor, and install an outlet box would be more than that, just in parts. Scale it up to a few people in the house, and throw in an occasional laptop, and the cost of wiring becomes ridiculous.
  • by drinkypoo (153816) <martin.espinoza@gmail.com> on Tuesday April 03, 2007 @06:29PM (#18596055) Homepage Journal

    So.. your answer is "people who don't upgrade." Not to sound discriminatory, but I'm pretty sure he wasn't including you in the question, much the way when I say "Who doesn't run a firewall?" I'm not including people who still use C64s. Talk to us again when all your hardware supports WPA, but you still use WEP anyway.

    Well, that was an incredibly arrogant response from someone who refuses to examine reality.

    How many environments are you familiar with in which everything is always upgraded all at the same time, in which all of the hardware works the first time, and in which you never become dependent on a legacy product for any length of time?

    Here in the really real world, we often have reasons to utilize legacy hardware. What if I've got one of those $1500 bar code scanner boxes and it doesn't support WPA and there's no upgrade to provide it? Am I going to spend $1600 for this year's model with two more buttons and WPA support? Or am I going to keep using this device as long as I think I can get away with it? What if I don't have budget to buy a replacement? What if it's not even my decision?

    Like I said, here in the real world, we often have to use suboptimal equipment. And I assure you that huge numbers of corporations, including those amongst the fortune whatever, are still using wifi gear with no WPA support on a daily basis.

  • by valkraider (611225) on Tuesday April 03, 2007 @06:32PM (#18596125) Journal

    Unless you live in an apartment, this is not remotely true. Running your own wires is, well, trivial unless you are physically disabled in some significant way.

    Uhmm, methinks you have not actually done this much... Or at least not in many houses.

    Things like lath&plaster, plumbing, strange placement of studs, lack of crawlspaces, windows, carpet, laminates, tile, doors, fireplaces, and foundations - all sorts of stuff really makes it not, well, trivial.
  • by kakos (610660) * on Tuesday April 03, 2007 @06:58PM (#18596467)
    Get a clue. The weakness in WEP has everything to do with a vulnerability in RC4 (specifically this one [drizzle.com]). The vulnerability is due to the fact that there is a weakness in RC4's key scheduling algorithm that allows an attacker to obtain the whole key from only a very few bits that just happen to be in the first 24-bits of the key. Since the IV does repeat, it is easy to obtain packets with the weak key bits. However, if WEP did not use RC4, that vulnerability wouldn't be there and you couldn't break WEP using that attack.
  • by Randseed (132501) on Tuesday April 03, 2007 @07:10PM (#18596599)
    The most obvious solution is to have each machine that connects over wireless use a VPN. Everything coming in over anything other than the VPN is discarded.

    Since this is Slashdot, I request a community service: Come up with a script/whatever where this is simple.

  • by JWW (79176) on Tuesday April 03, 2007 @07:19PM (#18596713)
    Hell, out of 5 wireless networks I can "see" from my house, two have no encryption on whatsoever.

    I mean, no matter how bad WEP is, you'll never be able to hack into a WEP network as fast as you can an open one.

    It may be where I live, but around town there are open networks virtually EVERYWHERE.
  • Conduit (Score:3, Insightful)

    by xquercus (801916) on Tuesday April 03, 2007 @07:59PM (#18597185)
    The only real conduit one needs in a house are a crawlspace and an attic.
  • by rossz (67331) <ogre@@@geekbiker...net> on Tuesday April 03, 2007 @08:04PM (#18597261) Homepage Journal
    You've obviously have never been married.
  • by linzeal (197905) on Tuesday April 03, 2007 @09:53PM (#18598357) Homepage Journal
    The last house I lived in I had RJ-42 jacks in every room, it took 2 days to snake the cable from the upstairs to the downstairs. Wireless for me is good for outside and not much else. I guess if you live in an apartment you really can't but what geek here can't go get a 500' spool and wire their house in a weekend?
  • by dagamer34 (1012833) on Tuesday April 03, 2007 @10:03PM (#18598429)
    MAC addresses can easily be spoofed. Get a clue, pal.
  • by Belial6 (794905) on Tuesday April 03, 2007 @10:26PM (#18598601)
    That is a perfect example of what I consider a bad builder. One that is putting in things that are designed to make people THINK they are getting quality, when they really are not. I could care less about Cat-5 and coax, if you just put in a conduit. That builder has already created a situation where the wiring is out dated. Gigabit wants Cat-6. If he had put in conduit, every one of his houses could be rewired by the homeowner with very little fuss. But since the builder didn't care if the house was maintainable, he just slapped in some wire, and sprinted that he did it as a bullet point on the sales sheet. Part of the problem though is that the buyers ooohhh and ahhhh about the cat-5, and don't even think about what they are going to do in a few years.
  • by thealsir (927362) on Wednesday April 04, 2007 @01:23AM (#18599751) Homepage
    Common Slashdot Format(TM)

    1. Story posted about $SECURITY_PROTOCOL being broken on $BROKEN_DATE at $SEVERITY
    2. Comments ensue recommending ridiculously complex/impractical solutions (in typical slashdot lore) getting modded up
    3. Comments ensue about how ridiculous and complex those impractical solutions are, getting modded down/up on a 50/50 basis
    4. Actual common-to-do, easy to implement solutions, like the WPA2 in linksys routers, are not discussed or modded
    5. Extreme architecture biases/overall naivete about NO security implementation being completely secure is prevalent in a lot of comments
    6. Sometimes, people come in to right these fallacies in the free market way, by posting.

    Put short, wires are not a solution, no encryption protocol is flawless, the risks/rewards of wireless should be known and the technology should be used accordingly. But improvements in protocol and advancements in technology, especially relatively easy to implement ones, should be emphasized.
  • by Builder (103701) on Wednesday April 04, 2007 @03:14AM (#18600481)
    How much less could you care ?
  • by evilbessie (873633) on Wednesday April 04, 2007 @05:21AM (#18601303)
    Um no, gigabit networks need Cat-5E not necessarily Cat-6, most Cat-5 is actually Cat-5E these days anyway, although I would still check you are using Cat-5E if you need gigabit.

It is better to give than to lend, and it costs about the same.

Working...