Posted by: kurtsh | March 16, 2005

HACK: WEP-128bit is now crackable in minutes

Are you STILL using WEP 64bit or WEP 128bit to secure your wireless network?  You’d better change your tune quickly, buddy.  It used to take roughly a week of typical home-use wireless traffic to get through a 128-bit key in an average residential location using as simple Windows XP laptop.  Now it can be done in 5 minutes and the script kiddies are gonna be coming out of the woodwork.

SOLUTION:
The only solution today is to use WiFi Protected Access, aka WPA, which is built into Windows XP Service Pack 2.  (For more information go to:  http://support.microsoft.com/?kbid=815485)  We enable the use of AES encryption on network adapter & router hardware which can handle it’s heavy processing but we enable the weaker TKIP as well, which is a stop gap solution until people can get better hardware.  (See http://blogs.zdnet.com/Ou/index.php?p=20 for an explanation of recommendations)

DETAILED EXPLANATION OF PROBLEM:
"In the past, a hacker was at the mercy of waiting long periods of time for legitimate traffic on a wireless LAN to collect 10 million of packets to break a WEP key. In my previous blog on this topic, which was based on Mike Ossmann’s WEP article, I alerted you to the startling fact that even wireless LANs that used 802.1x/EAP authentication to dynamically assign unique per-user, per-session WEP keys were no longer safe against WEP hacking since WEP cryptanalysis had improved 50 fold. Instead of waiting for hours or even days for those 10 million packets, you now only needed about 200,000 packets to break WEP. Even though dynamic WEP key rotation could change a user’s WEP key every few minutes or so (note that key rotation isn’t always implemented by default), the new WEP cryptanalysis techniques put even dynamic WEP in striking range. Now with the new active attacks on WEP described in Ossmann’s follow-up article, hackers no longer need to passively wait for legitimate packets on a wireless LAN because they can actively inject packets into a wireless LAN to ensure a speedy packet collection session. The end result is, any WEP based network with or without Dynamic WEP keys can now be cracked in minutes!"

http://blogs.zdnet.com/Ou/index.php?p=41

Original article here:

 


Categories

%d bloggers like this: