WEP Broken Even Worse

collin.m writes in with news of results out of Darmstadt. Erik Tews and others there have demonstrated how to recover a 104-bit WEP key in under a minute, requiring the capture of fewer than 10% of the number of packets the previous best method called for. The paper is here (PDF). Quoting: "We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets... for 85,000 data packets [the success probability is] about 95%... 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz..."
  • by Myria ( 562655 ) on Tuesday April 03, 2007 @05:48PM (#18595335)
    Can ARC4 be used securely at all? Or are WEP's failings its own fault?

    On a somewhat related note, I'm annoyed that wireless encryption was implemented in hardware. Nintendo DS's wireless is worthless to me since the encryption system can't be upgraded.
    • by Lehk228 ( 705449 ) on Tuesday April 03, 2007 @06:03PM (#18595607) Journal
      disable wireless security and implement real security, such as a RADIUS login. then set up a firewall rule to allow unauthenticated devices to access nintendo's servers
      • disable wireless security and implement real security, such as a RADIUS login. then set up a firewall rule to allow unauthenticated devices to access nintendo's servers

        Login authentication does not prevent a man in the middle attack of the breakin sort.

        You need end to end encryption, including encrypted login and certificate verification with secure exchange made pre-connection to provide security over a wireless link.

        Just another reason why if it's not a PDA or a tablet, you should be using a wire. You can get 100' or more of CAT5E for the price of a 802.11G access point, and an 8 port 10/100 FDX switch with port autonegotiation (auto-crossover, too) is about $20. Good jacks will run you $5 per end. Patch cables are a buck and longer cables are just a few bucks.

        • by qbwiz ( 87077 ) * <john&baumanfamily,com> on Tuesday April 03, 2007 @06:14PM (#18595777) Homepage
          Dragging 300' of cable throughout and around your house to use your laptop anywhere you want: priceless.
        • by zippthorne ( 748122 ) on Tuesday April 03, 2007 @06:16PM (#18595821) Journal
          It's not the wire that's expensive, it's the holes. In fact, those aren't even the expensive bit. It's the properly out-of-the way and invisible that's expensive.
          • by Belial6 ( 794905 ) on Tuesday April 03, 2007 @06:20PM (#18595893)
            I agree with you. That is why it really annoys me that in this day and age, builders are still not putting conduit in walls during construction. I understand a 20 year old house not having conduit in the walls. I can even understand a 10 year old house not having conduit, but any house built in the last 5 years should have conduit to every room. We already know that whatever is in the walls today will be inadequate in another 10 years.
            • Conduit (Score:3, Insightful)

              by xquercus ( 801916 )
              The only real conduit one needs in a house are a crawlspace and an attic.
            • Re: (Score:3, Informative)

              by failedlogic ( 627314 )
              About 5 years ago when I worked for sales at a cable company, a mid to large size home builder told me every house he was building would have Cat-5 in every room of the house with a wall jack. He didn't care if the room was the laundry, the basement, the attic (ok, attic I'm exaggerating) but he was serious about it. I think he was one of the first builders in my city to do this. I remember his story and then a few years later the larger builders ensued with similar practices. He did similar pre-wiring with
              • by Belial6 ( 794905 ) on Tuesday April 03, 2007 @10:26PM (#18598601)
                That is a perfect example of what I consider a bad builder. One that is putting in things that are designed to make people THINK they are getting quality, when they really are not. I could care less about Cat-5 and coax, if you just put in a conduit. That builder has already created a situation where the wiring is outdated. Gigabit wants Cat-6. If he had put in conduit, every one of his houses could be rewired by the homeowner with very little fuss. But since the builder didn't care if the house was maintainable, he just slapped in some wire, and sprinted that he did it as a bullet point on the sales sheet. Part of the problem though is that the buyers ooohhh and ahhhh about the cat-5, and don't even think about what they are going to do in a few years.
          • It's not the wire that's expensive, it's the holes. In fact, those aren't even the expensive bit. It's the properly out-of-the way and invisible that's expensive.

            Unless you live in an apartment, this is not remotely true. Running your own wires is, well, trivial unless you are physically disabled in some significant way.

            If you do live in an apartment, it's much harder because walls have to be ripped apart and put back up, or at the very least to do it gynecologist style you have to put medium-sized holes

        • by thealsir ( 927362 ) on Wednesday April 04, 2007 @01:23AM (#18599751) Homepage
          Common Slashdot Format(TM)

          1. Story posted about $SECURITY_PROTOCOL being broken on $BROKEN_DATE at $SEVERITY
          2. Comments ensue recommending ridiculously complex/impractical solutions (in typical slashdot lore) getting modded up
          3. Comments ensue about how ridiculous and complex those impractical solutions are, getting modded down/up on a 50/50 basis
          4. Actual common-to-do, easy to implement solutions, like the WPA2 in linksys routers, are not discussed or modded
          5. Extreme architecture biases/overall naivete about NO security implementation being completely secure is prevalent in a lot of comments
          6. Sometimes, people come in to right these fallacies in the free market way, by posting.

          Put short, wires are not a solution, no encryption protocol is flawless, the risks/rewards of wireless should be known and the technology should be used accordingly. But improvements in protocol and advancements in technology, especially relatively easy to implement ones, should be emphasized.
      • disable wireless security and implement real security, such as a RADIUS login. then set up a firewall rule to allow unauthenticated devices to access nintendo's servers

        Not too shabby. Question for ya, though: Does all the traffic for those NDS games go through the Nintendo servers, or is it routed straight to the other players? Sending packets directly player to player would be faster but it would also make it harder to deal with NAT and firewalls, I suppose...

        And can you actually make a wireless router accept both secured and unsecured connections (or WPA and WEP connections) at the same time? So, for instance, the laptops of the house would all use WPA and the NDS would

    • by stinerman ( 812158 ) on Tuesday April 03, 2007 @06:07PM (#18595671) Homepage
      The problems with WEP have nothing to do with RC4. The problem is that the initialization vectors end up being reused because they are only 24 bits. Reusing IVs is a major no-no when dealing with a stream cipher. And to compound that, the implementation allows for a 50% chance to use the same IV after only 5000 packets. (see wikipedia)

      RC4 is still just as secure as it was before these WEP attacks.
      • by kakos ( 610660 ) * on Tuesday April 03, 2007 @06:58PM (#18596467)
        Get a clue. The weakness in WEP has everything to do with a vulnerability in RC4 (specifically this one). The vulnerability is due to the fact that there is a weakness in RC4's key scheduling algorithm that allows an attacker to obtain the whole key from only a very few bits that just happen to be in the first 24 bits of the key. Since the IV does repeat, it is easy to obtain packets with the weak key bits. However, if WEP did not use RC4, that vulnerability wouldn't be there and you couldn't break WEP using that attack.
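The two comments above turn on WEP's per-packet keying: a 24-bit IV prepended to the secret key, with IVs repeating after a few thousand packets. The following is an added example, not code from the thread or from the paper, that checks both points numerically: it shows that two packets sharing an IV share an RC4 keystream (so the XOR of their ciphertexts equals the XOR of their plaintexts), and it computes the birthday bound that gives the "50% after about 5000 packets" figure. The RC4 routine is a textbook version written for this example, and the key, IV and plaintexts are constructed sample values.

```python
"""Added example: WEP per-packet keying (IV || secret key -> RC4) and
the 24-bit IV birthday bound. Textbook RC4, constructed sample data."""
import math

# Constructed sample values (not real keys): 104-bit WEP secret, 24-bit IV.
SAMPLE_SECRET = bytes(range(13))
SAMPLE_IV = b"\x01\x02\x03"
SAMPLE_P1 = b"GET /index.html HTTP/1.0"
SAMPLE_P2 = b"POST /login HTTP/1.0"


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key scheduling (KSA) followed by output generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                        # KSA
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                     # PRGA
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP-style framing: the per-packet RC4 key is IV || secret
    (3 + 5 bytes for 40-bit WEP, 3 + 13 bytes for 104-bit WEP)."""
    assert len(iv) == 3 and len(secret) in (5, 13)
    ks = rc4_keystream(iv + secret, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream_reuse_leak(secret: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """True when the two ciphertexts XOR to the two plaintexts' XOR: the
    shared IV made the keystream cancel out without anyone knowing the key."""
    c1 = wep_encrypt(iv, secret, p1)
    c2 = wep_encrypt(iv, secret, p2)
    n = min(len(p1), len(p2))
    return xor_bytes(c1, c2)[:n] == xor_bytes(p1, p2)[:n]


def iv_collision_probability(packets: int, iv_bits: int = 24) -> float:
    """Exact probability that at least two of `packets` uniformly random IVs
    coincide (birthday problem over a 2^iv_bits space)."""
    n = 1 << iv_bits
    log_no_collision = sum(math.log1p(-i / n) for i in range(packets))
    return 1.0 - math.exp(log_no_collision)


def packets_for_collision(target: float = 0.5, iv_bits: int = 24) -> int:
    """Smallest packet count at which a random-IV collision reaches `target`
    probability, stepping the running product one packet at a time."""
    n = 1 << iv_bits
    log_no_collision = 0.0
    k = 0                                       # packets accounted for so far
    while 1.0 - math.exp(log_no_collision) < target:
        log_no_collision += math.log1p(-k / n)
        k += 1
    return k


if __name__ == "__main__":
    print("same IV leaks P1 xor P2:",
          keystream_reuse_leak(SAMPLE_SECRET, SAMPLE_IV, SAMPLE_P1, SAMPLE_P2))
    print("packets for 50% IV collision:", packets_for_collision(0.5))
    print("collision probability at 5000 packets: %.3f"
          % iv_collision_probability(5000))
```

Cards that pick IVs sequentially from zero after every reset collide even sooner than the random-IV bound computed here.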
    • by linuxmop ( 37039 ) on Tuesday April 03, 2007 @06:22PM (#18595917)
      Wireless encryption is (often) implemented in hardware because encryption is expensive to perform. This is especially true on embedded platforms like the DS.

      However, you can apparently upgrade your DS to support WPA with a hacked firmware. It's not clear from the page, but I am fairly sure that it only supports TKIP encryption and not AES since, like WEP, TKIP uses RC4 so does not require a hardware upgrade. It does, however, solve the initialization vector problems of WEP that another poster mentioned; as far as I know, TKIP has not been broken.

      Moral? If you're still using WEP, update your drivers and firmware and you may be able to get TKIP WPA and get those pesky neighbors off of your connection.
  • Hasn't most everyone moved to WPA-PSK by now?
    • by Knara ( 9377 ) on Tuesday April 03, 2007 @05:54PM (#18595431)
      No. Even a cursory glance at your laptop next time you are in a commercial parking lot will tell you that (or at an apartment complex).
      • by Technician ( 215283 ) on Tuesday April 03, 2007 @07:23PM (#18596777)
        No. Even a cursory glance at your laptop next time you are in a commercial parking lot will tell you that (or at an apartment complex).

        No. We use some pretty antique hardware (laptop with embedded 11b no WPA). We are fairly remote so the number of potential attackers is pretty slim. To discourage them, DHCP is turned on. The DHCP range is blocked from the gateway by access control. To get a leechable connection, you will need to spoof a MAC address, use a fixed IP address, and hope we are not online at the moment. A conflict will be noticed.

        We don't need a hack proof wireless. We just need to be more difficult than our neighbors.
      • by nutshell42 ( 557890 ) on Tuesday April 03, 2007 @07:25PM (#18596797) Journal
        Well, from a legal POV the plausible deniability an unsecured WLAN offers is quite tempting.

        As long as you secure your computers and data (and if you're not charged by the GB), it's really useful to be able to tell the judge that it was teH h4X0rZz when the RIAA rings at your door.

    • Re: (Score:2, Insightful)

      There ARE people out there who are FORCED to use WEP because they use it with older devices that don't support anything else. It would be very expensive replacing all these specific/mobile devices just so they can use a new encryption.
      • by COMON$ ( 806135 ) *
        Technically you are never forced. There are wonderful tools that can keep you safe even if you are on a wide open network. OpenVPN comes to mind, or for the less technically minded there are many many many, easy to set up vpn clients out there for free use.
      • Corporate Greed (Score:5, Informative)

        by Lead Butthead ( 321013 ) on Tuesday April 03, 2007 @06:47PM (#18596351) Journal
        My understanding is that it should be easy enough to implement WPA on older (.11a/b) hardware, but companies would much rather sell end users new hardware (.11g etc.) than spend development time to upgrade old hardware (that does not generate additional revenue.) This is evident in that Apple's old AirPort (.11b) does support WPA but other vendors' (that would include YOU, Linksys) old .11a/b products do not.
        • Re: (Score:3, Informative)

          by Anti_Climax ( 447121 )
          Prism Based 802.11b adapters (sold under Lucent, Orinoco, Conexant, 2wire, Dell, ZCom and several other names) support WPA with a proper driver. I'm not sure if it's the full AES WPA or if it's just TKIP. TKIP may be subject to a similar attack as mentioned by a previous poster. It is my understanding that unless the adapter was built with a fair amount of extra capability, WPA AES is not an option.
    • Re: (Score:2, Informative)

      by drinkypoo ( 153816 )
      AFAIK I have precisely zero pieces of 802.11 equipment with WPA support. I have a broadcom PCI 802.11G adapter, it MIGHT have it. NONE of my 802.11b hardware does. The laptop I use, which work owns, does have WPA support, but nothing I have will speak WPA to it anyway. If I need security I use VPN and firewall all other traffic.
      • Re: (Score:3, Insightful)

        by jrumney ( 197329 )
        All my pieces of wifi equipment but one support WPA-PSK, but it only takes one piece of equipment to tie me to WEP.
      • "precisely zero"
        I do not think that means what you think it means.
        laptop + broadcom 802.11G adapter != precisely zero
    • by ukatoton ( 999756 ) on Tuesday April 03, 2007 @05:57PM (#18595487)
      2 words: Legacy Hardware. I have 2 computers in my house with cards that don't support WPA. If I were to set my router to run with WPA, then my sister would not be able to connect to the network. If I told her the security implications, she wouldn't understand nor care. Upgrading the network would mean me footing the bill for new wireless cards unless I can convince my dad that there is a real reason to upgrade to better security. However, this is unlikely.
      • Re: (Score:2, Redundant)

        Exactly. And then there are lots of PDAs and similar devices that don't have upgradable WIFI cards. Unfortunately, WEP won't go away so fast.
      • by eclectro ( 227083 ) on Tuesday April 03, 2007 @07:05PM (#18596531)
        unless I can convince my dad that there is a real reason to upgrade to better security.

        Is your sister cute? Does she have pictures of herself on her computer?
      • If the cards don't do WPA, then cheat. Most wireless-capable routers that don't support WPA -do- support IPSec, as do most laptops and other portable devices. Sure, you're not doing hardware encryption then, but the speed of most modern processors vastly outpaces most wireless connections - you can afford the cycles on an IPSec tunnel to the router. In theory, this is better than WPA, as IPSec is a more mature standard with a lot more people looking at the design.
      • Re: (Score:3, Funny)

        by ZDRuX ( 1010435 ) *
        You still live with your parents?!.. Hahaha, you're such a lo.. Wait a minute, so do I!.. fuck.
    • Not those of us still with 802.11b routers that work just fine, already run faster than our cable connection, and give us no reason to pay for every lower-case letter update that comes along. Maybe when 'n' is ratified, certified, and gone through its first couple price drops it will be worth upgrading.
    • by aschlemm ( 17571 )
      Some of my neighbors use WEP or no encryption at all. In scanning all WIFI networks in range of my laptop from my home, my WIFI network is the only one using WPA-PSK. I'm in the burbs but I've noticed more networks using WPA in urban areas but it's not even close to 100% yet.

    • by Southpaw018 ( 793465 ) * on Tuesday April 03, 2007 @06:04PM (#18595619) Journal
      Unfortunately, Nintendo has outright refused to support WPA on the DS. Those who use the DS online regularly must either fall back to WPA or resort to completely unsecured communication. Or change their router's settings every single time they want to play online.

      Nintendo's response to this is, last I checked, "well, disable WEP and then turn off your computer," which is obviously ridiculous.
      • Wooops. Cut-pasted too fast, switched WPA and WEP around the second time I mentioned them.
      • Or change their router's settings every single time they want to play online.

        Stack routers.. Use the WEP router at the cable box. If it's hacked.. your other machines are behind another NAT router. If possible, set up MAC filters to just one. It helps detect unauthorised connections. A second duplicate (spoofed) client would cause a conflict. If you have trouble connecting, you know to check via hard connection or wireless traffic lights that someone has connected. An unreliable connection should hel
    • no, my goddamn Nintendo DS doesn't do WPA.


      I'm half tempted to lock down my wireless and just buy the usb dongle and use my laptop for Nintendo DS Wifi.
    • Re: (Score:3, Informative)

      by Zadaz ( 950521 )
      I live in downtown San Francisco. If I put my laptop in my kitchen window I can pick up 46 wireless networks.

      2 of them are WPA-PSK (including mine)
      12 of the are unsecured.
      The rest are WEP.

      7 of the WEP encrypted ones are the DSL router/wireless access point that AT&T hands out. As far as I can tell this piece of hardware can't be configured in any way, can't even change your WEP key.

    • by vux984 ( 928602 )
      Not me! What's holding me back?


      Every time I've tried to use WPA my Linux laptop can't access the network (currently Dapper Drake). I've tried the wpasupplicant stuff a few times now, but without success, and the troubleshooting involves mucking with config files, breaking what gui support there is, etc.

      The lack of good GUI support is an issue, I don't want to drop to the command line, and manually edit configuration files for wireless networking. I switch networks too often to have any desire to 'fidd
      • in a terminal, sudo apt-get install network-manager

        save your work


        log back in
    • I wish I could, but it would mean rebuying interface cards for all of our computers except one, a new AP (seems to be increasingly hard to find plain APs these days and we need two to cover the entire house), and our DSes only support WEP.
  • So what... (Score:2, Interesting)

    by gatkinso ( 15975 )
    ....well, not really.

    But many home users run their access point completely open and never have a problem. WEP still will make an attacker have to actually break in - negating their excuses of "well it *was* wide open , so..."

    Of course, this vulnerability applies to those who would wish to/need to secure their networks.
    • by QuantumG ( 50515 )
      Yeah man. I don't know why people don't encrypt their telephone lines, or put alarm systems on their power box. It's their own fault if people use their phoneline to make calls or leech power.

  • by Nom du Keyboard ( 633989 ) on Tuesday April 03, 2007 @05:53PM (#18595423)
    Your Honor, I was using WEP on my Linksys when the RIAA's agents, Media Sentry, claimed that my IP address was involved in illegal filesharing. I was taking the best precautions my poor little 802.11b router can handle. Allow me to now introduce a paper here explaining how my system can be broken by the average desktop computer in less than a minute.

    Case Dismissed!

    • by TheGratefulNet ( 143330 ) on Tuesday April 03, 2007 @06:07PM (#18595683)
      it's modded as funny BUT it's a VERY valid defense, I would think (ianal).

      there is significant doubt as to who the user of a wireless lan really is.

      in fact, it now makes sense to DOWNGRADE wireless APs due to this...

      (and then just run ssh on top of it, for sessions that truly need privacy).
      • by burris ( 122191 )
        Except in a civil suit the standard of evidence is merely "preponderance of evidence" and not "beyond reasonable doubt."
        • WEP use in a heavily populated area plus a "clean" hard disk examined by a forensics expert ought to be enough to tip the scales in favor of the defendant, even in a civil trial. At least I hope, from this non-lawyer point of view.
    • by QuantumG ( 50515 )
      Shame about the file fragments (or whole files) they'll find on your harddrive.. which the court will compel you to produce to a forensic expert. You're better off planting a worm infection on your computer.. then claim you were part of a botnet.
      • Re: (Score:3, Interesting)

        by dissy ( 172727 )
        Shame about the file fragments (or whole files) they'll find on your harddrive.. which the court will compel you to produce to a forensic expert. You're better off planting a worm infection on your computer.. then claim you were part of a botnet.

        Totally valid point. One of the main reasons you should stay under the radar and not get a finger pointed at you if at all possible.

        While excuses such as 'someone was on my wireless' are totally valid, the court will indeed check your systems, and once they find t
        • by QuantumG ( 50515 )
          I actually think I'd be more happy going to court and saying some things on the record that should be said:

          You're fuckin' kidding me right? Everyone does this. Today they're suing me, tomorrow they could be suing you, your honour.

        • Maybe your encryption method should create fake partition tables showing only 250 GBs formatted on your 500GB disk.

          How thorough are they going to be looking at your drive? If the partition table comes up as 250GBs, and the system disk looks normal, they wouldn't be looking very much further. Even if they clone the drive, the rest of the encrypted disk will just look like noise.
    • Case Dismissed!

      Here is the bill from your lawyer... After all the outcome is after they took an image of your hard drive and fought the case and found this isn't the hard drive we are looking for and they tried to find out who in the last year may have brought over a computer such as parents, children, siblings, girlfriends, boyfriends....

      The Case Dismissed is still expensive.
  • by Zarhan ( 415465 ) on Tuesday April 03, 2007 @05:57PM (#18595493)
    For some reason I can't get the paper to load, but anyway, does this still depend on weak initialization vectors?

    I know that the original attack did depend on that, and most software and basestations have since been configured to avoid those weak IVs. I know that some stuff (like Nokia's basestations) are still weak against the original attack (at least when tested with Kismet), however, against Cisco Aironets and almost any newer hardware I haven't been able to see this weakness in action when trying out if it really works...

    (Terabeam uses the term "WEPPlus" about this - see plus.php [] )

    Anyway, if this is just an extension of the original attack, then it still requires those weak IVs to exist.

    Or is it something completely new?
    • by tbo ( 35008 ) on Tuesday April 03, 2007 @06:06PM (#18595649) Journal
      For some reason I can't get the paper to load, but anyway, does this still depend on weak initialization vectors?

      According to the article, the attack does not require weak IVs. They haven't actually tested against WEPplus, but expect the attack to still work against it. In other words, WEP in all its forms is now nothing more than an electronic "No trespassing sign" and 3-foot fence.
      • by Khyber ( 864651 )
        "In other words, WEP in all its forms is now nothing more than an electronic "No trespassing sign" and 3-foot fence." Thank god, now the RIAA has very little tactical advantage left.
    • Does aircrack-ptw work against WEPplus?

      This has not been tested due to lack of equipment supporting WEPplus. Since WEPplus only avoids the weak IVs of the original FMS attack, we foresee no problems in applying the attack against WEPplus

      So you probably still aren't secure.
  • by andy55 ( 743992 ) on Tuesday April 03, 2007 @06:05PM (#18595639) Homepage
    This may be a dumb question, but why does TFA only refer to 40 and 104 bit WEP when the more common variants seem to be 64 and 128 bits?
    • by !ramirez ( 106823 ) on Tuesday April 03, 2007 @06:07PM (#18595677)
      Because there's a 24-bit IV, or initialization vector, that is not strictly considered part of the keyspace.
    • by jrumney ( 197329 )
      I don't know the full details of why, but not all those bits actually get used. I have seen them referred to as "64 bit (40 bit effective)" and "128 bit (104 bit effective) encryption". The hex keys contain 64/128 bits, but the encryption algorithm uses a 40/104 bit key derived from that.
    • Re: (Score:3, Informative)

      by Galaga88 ( 148206 ) *
      Not a stupid question, a good question.

      WEP uses a 24 bit initialization vector, and the rest is left for the actual key. So 40 bit = 64 bit - 24 bit IV. Same for 128 = 104. People just use the terms interchangeably (for better or for worse).
  • Just upgrade ALL of your wireless hardware to avoid this. Or you could simply wire up your place and have secure communications at a faster speed and lower price.
  • by NotFamous ( 827147 ) on Tuesday April 03, 2007 @06:19PM (#18595853) Homepage Journal
    I use 56-bit WEP and I've never had.... ATTN: YOU HAVE WON THE IRISH LOTTERY PLEASE respons immediately to... I don't see why it is a big deal?
  • by kinglink ( 195330 ) on Tuesday April 03, 2007 @06:22PM (#18595925)
    WEP insecure! Coming up at 6PM Bill Gates still really really rich.
  • Hardly... WEP is known to be thoroughly broken - it doesn't really matter that now it's even more broken than before - the fact remains that it's no good.
    WPA has been around for something like 2½ years now, and it is a travesty if the wireless chipset you're using doesn't support it.

    The simple solution is to continue to use WPA, like you should have been doing for years...
  • If you have no choice but to use WEP, then you should strongly consider using a VPN between clients and the connected network!

    In a corporate environment where it's hard to control who knows the passwords, do NOT bridge the wireless network to your secure cabled network but put it on a DMZ and allow limited services out to the internet, and even fewer into the corporate wired lan.
    • by ardor ( 673957 )
      In theory, VPN is a good idea.
      But setting up one is one of the most difficult things known to man.
  • by geekinaseat ( 1029684 ) on Tuesday April 03, 2007 @07:07PM (#18596559) Homepage

    This isn't really news. It's pretty smart that they have managed to crack WEP with so few IVs (it usually takes about 200,000 for 64-bit and just under a million for 128-bit) but in reality this doesn't change (or expose) WEP's inherent vulnerabilities at all, for example I am currently doing my dissertation on wireless security and in tests WEP64 on average can be cracked in about 3 minutes and WEP128 in about 10 minutes so getting this down to a minute doesn't really change the fact that a hacker could capture enough packets simply by hanging around and drinking a coffee using the "old" tools.

    An interesting sidenote is that the amount of time a hacker needs to be near a target WLAN for WPA-PSK is measured in seconds making it much more insecure if it has a weak passphrase than WEP is even now with crack times under a minute.

    Please if you want a secure home wireless network choose WPA-PSK and make the passphrase as long and as abstract as possible, nothing else is safe -and if you have the cash... buy a radius server

    • Re: (Score:3, Interesting)

      by Rick17JJ ( 744063 )

      For my computers at home, I used the "Perfect Password Generator" that is on the web page to generate the longest most random possible WPA password. Each time I visit that web page a different password is generated. I then placed the password on a USB key and transferred the password to both of my computers and the wireless router. I then cut and pasted the password instead of trying to type the huge password. For the extra paranoid, slicing and dicing and mixing up the long password that is ge

  • by Randseed ( 132501 ) on Tuesday April 03, 2007 @07:10PM (#18596599)
    The most obvious solution is to have each machine that connects over wireless use a VPN. Everything coming in over anything other than the VPN is discarded.

    Since this is Slashdot, I request a community service: Come up with a script/whatever where this is simple.

  • The built-in wireless card in my laptop is the only thing keeping me tied to WEP (my Palm uses BT so that's not an issue there). It's one of those weird combo mini-PCI cards that also drives the dial-up modem (HP zt1100 series laptop). If I could find a combo card that supported wireless G and WPA I'd upgrade in a heartbeat. I've searched the net for one, but it seems like mini-PCI cards are in this amorphous, murky world where it's impossible to locate manufacturers and specs.
  • by Seumas ( 6865 ) on Tuesday April 03, 2007 @08:21PM (#18597467)
    Slashdot editors suck at grammar. Obviously, the words they were looking for was supposed to be more brokener.