WEP Broken Even Worse
collin.m writes in with news of results out of Darmstadt. Erik Tews and others there have demonstrated how to recover a 104-bit WEP key in under a minute, requiring the capture of fewer than 10% of the number of packets the previous best method called for. The paper is here (PDF). Quoting: "We were able to extend Klein's attack and optimize it for usage against WEP. Using our version, it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets... for 85,000 data packets [the success probability is] about 95%... 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz..."
Re:Who even still users WEP? (Score:5, Insightful)
Re:Who even still users WEP? (Score:2, Insightful)
Re:Who even still users WEP? (Score:5, Insightful)
Re:Can ARC4 be used properly at all? (Score:5, Insightful)
Re:Who even still users WEP? (Score:3, Insightful)
Re:Can ARC4 be used properly at all? (Score:5, Insightful)
Login authentication does not prevent a man-in-the-middle attack of the break-in sort.
You need end-to-end encryption, including encrypted login and certificate verification with secure exchange made pre-connection to provide security over a wireless link.
Just another reason why if it's not a PDA or a tablet, you should be using a wire. You can get 100' or more of CAT5E for the price of an 802.11G access point, and an 8 port 10/100 FDX switch with port autonegotiation (auto-crossover, too) is about $20. Good jacks will run you $5 per end. Patch cables are a buck and longer cables are just a few bucks.
Re:Back in the courtroom (Score:4, Insightful)
There is significant doubt as to who the user of a wireless LAN really is.
In fact, it now makes sense to DOWNGRADE wireless APs due to this...
(and then just run ssh on top of it, for sessions that truly need privacy).
Re:Can ARC4 be used properly at all? (Score:4, Insightful)
Re:Who even still users WEP? (Score:3, Insightful)
Re:Can ARC4 be used properly at all? (Score:5, Insightful)
Re:Simple, cheap, easy solution (Score:1, Insightful)
Re:Who even still users WEP? (Score:5, Insightful)
Well, that was an incredibly arrogant response from someone who refuses to examine reality.
How many environments are you familiar with in which everything is always upgraded all at the same time, in which all of the hardware works the first time, and in which you never become dependent on a legacy product for any length of time?
Here in the really real world, we often have reasons to utilize legacy hardware. What if I've got one of those $1500 bar code scanner boxes and it doesn't support WPA and there's no upgrade to provide it? Am I going to spend $1600 for this year's model with two more buttons and WPA support? Or am I going to keep using this device as long as I think I can get away with it? What if I don't have budget to buy a replacement? What if it's not even my decision?
Like I said, here in the real world, we often have to use suboptimal equipment. And I assure you that huge numbers of corporations, including those amongst the Fortune whatever, are still using wifi gear with no WPA support on a daily basis.
Re:Can ARC4 be used properly at all? (Score:5, Insightful)
Uhmm, methinks you have not actually done this much... Or at least not in many houses.
Things like lath and plaster, plumbing, strange placement of studs, lack of crawlspaces, windows, carpet, laminates, tile, doors, fireplaces, and foundations - all sorts of stuff really makes it not, well, trivial.
Re:Can ARC4 be used properly at all? (Score:5, Insightful)
The most obvious solution. (Score:3, Insightful)
Since this is Slashdot, I request a community service: Come up with a script/whatever where this is simple.
Re:Who even still users WEP? (Score:4, Insightful)
I mean, no matter how bad WEP is, you'll never be able to hack into a WEP network as fast as you can an open one.
It may be where I live, but around town there are open networks virtually EVERYWHERE.
Conduit (Score:3, Insightful)
Re:Can ARC4 be used properly at all? (Score:5, Insightful)
Re:Can ARC4 be used properly at all? (Score:1, Insightful)
Re:Can ARC4 be used properly at all? (Score:2, Insightful)
Re:Can ARC4 be used properly at all? (Score:5, Insightful)
Re:Can ARC4 be used properly at all? (Score:5, Insightful)
1. Story posted about $SECURITY_PROTOCOL being broken on $BROKEN_DATE at $SEVERITY
2. Comments ensue recommending ridiculously complex/impractical solutions (in typical Slashdot lore) getting modded up
3. Comments ensue about how ridiculous and complex those impractical solutions are, getting modded down/up on a 50/50 basis
4. Actual common-to-do, easy to implement solutions, like the WPA2 in Linksys routers, are not discussed or modded
5. Extreme architecture biases/overall naivete about NO security implementation being completely secure is prevalent in a lot of comments
6. Sometimes, people come in to right these fallacies in the free market way, by posting.
Put short, wires are not a solution, no encryption protocol is flawless, the risks/rewards of wireless should be known and the technology should be used accordingly. But improvements in protocol and advancements in technology, especially relatively easy to implement ones, should be emphasized.
Re:Can ARC4 be used properly at all? (Score:3, Insightful)
Re:Can ARC4 be used properly at all? (Score:2, Insightful)