Can be hacked between 50 and 95 per cent of the time
SECURITY EXPERTS say that the WEP protocol for security LANs is totally broken and should be dumped on sensitive networks.
Boffins at Darmstadt Polytechnic said that WEP uses the RC4 stream to encrypt data which is transmitted over the air, using usually a single secret key 40 or 104 bit long.
WEP has been known to be insecure since 2001 after Scott Fluhrer, Itsik Mantin, and Adi Shamir published an analysis of the RC4 stream cipher. Since then crackers have been able to recover the key to a greater or lesser degree of success.
In 2005, Andreas Klein presented another analysis of the RC4 stream cipher which proved there more correlations between the RC4 keystream. Darmstadt boffins took this idea and managed to adapt it so that it was possible to recover a 104 bit WEP key half the time using just 40,000 captured packets.
The more packets that the Darmstadt boffins could nick, the more likely it could find the key. With 85,000 packets intercepted, they could find the key 95 percent of the time.
Using 40,000 packets, which can be captured in less than a minute, computation takes about three seconds on a Pentium M 1.7 GHz.
The boffins say that the hack makes WEP as useful as a chocolate teapot in sensitive environments. Since most wireless equipment vendors provide support WPA1 and WPA2 punters should shift to that, they recommend.
More
here.
The INQuirer
Linear Mode
