[CLUE-Tech] WEP security?

Tom Poindexter tpoindex at nyx.net
Mon Nov 18 16:47:40 MST 2002


On Sun, Nov 17, 2002 at 04:44:30PM -0700, Sean LeBlanc wrote:

> I knew WEP was on shaky ground, but this makes it sound like cracking WEP is
> trivial. Has anyone been cracked at work or at home, and if so, how did you
> find out about it?

40-bit WEP can probably be cracked in under 30 seconds for most cases, where
WEP keys are chosen from ASCII characters.  ASCII keys are easy to
type, but essentially reduce the key space from 40 bits to about 21 bits.
A full brute force on 40 bits might take several weeks, but due to other
problems in WEP (weak keys, etc.) that time is probably a matter of days.

104 bit WEP is harder to brute force, but taking advantage of WEP 
problems and a small cluster of machines, a week should be considered the
time to break a 104 bit WEP key.

I've not been hacked (to my knowledge :); my main indication is just watching
my access point from time to time, watching the lights blink.  

For my network, my AP sits in a DMZ, between my firewall box (an old 486
running LEAF-Linux Embedded Application Firewall, Bering release), and my
DSL router.  I do have WEP enabled, but don't trust it.  I could be vulnerable
to someone stealing network connectivity, but I'm fairly confident that my
firewall keeps out the bad stuff.

Better monitoring would probably make use of packet sniffers (Ethereal, etc.),
also sitting in the DMZ, and also correlating your legitimate activity.

Here's another link to a presentation a friend of mine gave at FRUUG last
April:
	http://boulderlabs.com/publications.php
	(see the link to: http://boulderlabs.com/vulnerable.pdf)

Other links:
	http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
	http://www.cryptolabs.org/wep/
	http://www.cs.rice.edu/~astubble/wep/wep_attack.pdf


-- 
Tom Poindexter
tpoindex at nyx.net
http://www.nyx.net/~tpoindex/
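
The monitoring idea in the message above (a sniffer sitting in the DMZ, correlated with your own legitimate activity) could look like the following. This is an added example, not part of the original message; the one-line-per-frame log format, the MAC addresses and the usual-hours table are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample, not real capture data: one line per frame sniffed on
# the DMZ segment, in the assumed format "ISO-timestamp source-MAC bytes".
SAMPLE_CAPTURE = """\
2002-11-18T09:02:11 02:00:00:00:00:01 1420
2002-11-18T14:30:05 02:00:00:00:00:02 900
2002-11-19T03:12:40 02:00:00:00:00:01 1500
2002-11-19T03:15:02 02:00:00:00:00:99 1500
2002-11-19T03:15:03 02:00:00:00:00:99 1500
"""

# Assumption: the owner lists their own wireless cards and the hours
# (24h clock, start inclusive, end exclusive) each is normally in use.
KNOWN_CLIENTS = {
    "02:00:00:00:00:01": (7, 23),
    "02:00:00:00:00:02": (7, 23),
}

def parse_capture(text):
    """Yield (datetime, mac, nbytes) per well-formed line; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1].lower(), int(parts[2])
        except ValueError:
            continue

def correlate(text, known=KNOWN_CLIENTS):
    """Return {mac: {"reason", "frames", "bytes"}} for traffic worth a look."""
    findings = defaultdict(lambda: {"reason": "", "frames": 0, "bytes": 0})
    for ts, mac, nbytes in parse_capture(text):
        if mac not in known:
            reason = "unknown MAC"
        elif not (known[mac][0] <= ts.hour < known[mac][1]):
            # A MAC list alone misses a cloned address; off-hours use is a hint.
            reason = "known MAC outside usual hours"
        else:
            continue
        entry = findings[mac]
        entry["reason"] = reason
        entry["frames"] += 1
        entry["bytes"] += nbytes
    return dict(findings)

if __name__ == "__main__":
    print(correlate(SAMPLE_CAPTURE))
```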


