WEP Examined

lozvare writes "Thought you might find this interesting. It was posted on BugTraq this morning." I think the stories about this are exaggerated - no one has ever said that WEP couldn't be attacked, it's designed for moderate security, not strong. One of the reasons was U.S. Government export regulations - the standard predates the current loosening of crypto export rules.

Bit flipping attacks

While most of the attacks described do sound like they require fairly intense effort, the general vulernability of the CRC sounds like a serious problem. It means that a clever attacker can send duplicate packets to a destination of his choice, which is not at all nice. It also sounds as though it validates the objection that the designers lacked appropriate knowledge of cryptography. Any kind of hashing function would eliminate that problem while still achieving the goal of protecting data integrity.

WEP implementation flawed

The problem with WEP is not (in the case of these attacks) that it uses RC4 or a key that is not long enough. The problem is that the protocols used and the implementation of the algorithm in WEP was not done very well. The article cites two problems with the implementation: the fact that the initialization vector that seeds the algorithm is sent in the clear and the fact that the checksum used is linear and predictable. Saying after the fact that "WEP wasn't intended to be high security in the first place" just distracts from the mistakes made in the implementation. A different implementation of WEP could have still used RC4-128 and been much stronger. -pat