Cracking Wi-Fi. "We Think that WEP is Dead Now"
Written by martyndavies on May 19, 2007 - 01:59 PM
As reported over on the Voipsa site, Wi-Fi systems using WEP encryption can be cracked in 1 minute thanks to some new research.
In a new interview on the Register, they describe exactly how this works. Using ARP requests they can reach a rate of 764 packets per second, allowing them to clock up their 40,000 packets in about 60 sec. The more encrypted packets you have for inspection, the higher the probability that you can crack the code, hence the 95% probability after 2 minutes.
What are the choices for those with old routers that only support WEP? One thing mentioned by the researchers is that if you can rate-limit ARP processing, then this will slow down this kind of attack, but ultimately upgrading is the best answer:
| Quote: |
|
The old attack needed between 500,000 to 2 million packets to "work usually". We (Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann) showed that our attack has a success probability of 50 per cent with 40,000 packets and success probability of 95 per cent with 85,000 packets. So perhaps the speedup is a factor of 15 or so in the number of packets required. |
In a new interview on the Register, they describe exactly how this works. Using ARP requests they can reach a rate of 764 packets per second, allowing them to clock up their 40,000 packets in about 60 sec. The more encrypted packets you have for inspection, the higher the probability that you can crack the code, hence the 95% probability after 2 minutes.
| Quote: |
|
What we need to perform the attack are a lot of packets where we know the IV (this is transmitted in plaintext) and we need to know a certain part of the keystream. If you know the plaintext of the packet, you can get it by just xoring the plaintext with the ciphertext in the packet. For an ARP request or response, the first 16 bytes of the plaintext are known, which gives you the first 16 bytes of the keystream. |
What are the choices for those with old routers that only support WEP? One thing mentioned by the researchers is that if you can rate-limit ARP processing, then this will slow down this kind of attack, but ultimately upgrading is the best answer:
| Quote: |
|
We think that WEP is DEAD now, there isn't much left to fix. If your hardware cannot speak WPA and you need wireless security, you should replace your hardare (which costs money) or alternatively configure any kind of VPN. |
| Forum Rules and Guidelines | About VoIP User | Privacy Policy |
All logos and trademarks in this site are property of their respective owner. Comments and posts are property of the poster, all the rest (c) 2003-2008 VoIP User Limited. VoIP User Limited is incorporated in England and Wales under Company Number 6694577. No part of this site may be reproduced without our prior consent. |
