From: "Rick R." <os2-wireless_users@2rosenthals.com>
Received: from mxout4.mailhop.org ([63.208.196.168] verified)
  by 2rosenthals.com (CommuniGate Pro SMTP 5.0.9)
  with ESMTP id 400406 for os2-wireless_users@2rosenthals.com; Mon, 02 Oct 2006 05:26:07 -0400
Received: from mxin2.mailhop.org ([63.208.196.176])
	by mxout4.mailhop.org with esmtp (Exim 4.51)
	id 1GUK3p-0004fb-PK
	for os2-wireless_users@2rosenthals.com; Mon, 02 Oct 2006 05:26:06 -0400
Received: from web60611.mail.yahoo.com ([209.73.178.194])
	by mxin2.mailhop.org with smtp (Exim 4.51)
	id 1GUK3p-000Gad-NQ
	for os2-wireless_users@2rosenthals.com; Mon, 02 Oct 2006 05:26:05 -0400
Received: (qmail 50882 invoked by uid 60001); 2 Oct 2006 09:26:00 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
  s=s1024; d=yahoo.com;
  h=Message-ID:Received:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding;
  b=CXpoeXuEmz2rSElr/Qf9xNjR2YI0NSVs1hhY82y+i1pH5edkzIzYm3olIS+z8v2qt8oDEf0dJWKyUE2PuI/huGt9iK3CVGvQsn0I02KVT7AmRfXJxQuzgHrYtw2sRad/oQMlsPEcn9o+9KhA5CmOyFSP2+ouSl4Ac4zMyWH/qlY=  ;
Message-ID: <20061002092600.50880.qmail@web60611.mail.yahoo.com>
Received: from [208.252.246.35] by web60611.mail.yahoo.com via HTTP; Mon, 02 Oct 2006 02:26:00 PDT
Date: Mon, 2 Oct 2006 02:26:00 -0700 (PDT)
Subject: Re: [OS2Wireless]Re: 104-bit WEP Key
To: OS/2 Wireless Users Mailing List <os2-wireless_users@2rosenthals.com>
In-Reply-To: <list-399214@2rosenthals.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-957673942-1159781160=:30995"
Content-Transfer-Encoding: 8bit
X-Mail-Handler: MailHop by DynDNS
X-Spam-Score: -1.7 (-)

--0-957673942-1159781160=:30995
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

>even a 1024 bit key for WEP with the new hacking methods could likely be
  >cracked easier than a good 256 bit file encryption.
   
  OK, as I started to wonder what good encryption does you in the 1st place..
  Heck, after everyone made such a big splash about securing once WiFi access connections, that cracking crap comes along.
   
  Its like locking your door when anyone's got a key anyway!


Christian Langanke <os2-wireless_users@2rosenthals.com> wrote:
  Rick R. wrote:
> That means 128bit is indeed only 104 bit "strong"?!

No, of course not. The IV of 24 bits is used as well for the encryption. 
Unfortunately, as long as this is not truly a random number, like it was 
defined in the specs (some older hardware used to increase a 24 bit 
number for the next package, starting from zero). This made a dictionary 
hacking approach more simple, which was the state-of-the-art hacking 
approach until mid of last year.

BTW, the weakness of WEP is more related to the way of how the key is 
used to cipher a TCP/IP package. Using 24 bits less would not make much 
difference.

The new hacking methods discovered last year (using some network 
techniques like error checks on corrupted frames) are far quicker than 
any dictionary approach, so even 1024 bit WEP keys wouldn't do much 
better. Cracking it would then take perhaps 20 mins and not five 
minutes. The bad thing on WEP is not the small number of bits in key 
length, but that the keys are static. that is changed by WPA, where the 
keys can be changed after a given period of time (in fact the 24 bit IV 
was kind of a workaround to make the WEP keys less static, but as we 
know now, this was not sufficient at all...). My access point offers to 
change the WPA key in minutes, so I set it to change it every minute.

BTW, XWLAN will come with WPA support soon. Unfortunately only for 
genmac driven devices, but the older drivers cannot be modified as they 
are closed source. For _secured_ wifi we need to dump the old PCMCIA 
cards I am afraid (but they are only 11mbit devices anyway). Or perhaps 
one day Willibald Meyer changes opinion and will support them as well in 
GenMac.

> So you can't simply compare 128/256 bit file encrytpion to 128/256 bit 
> WiFi encryption strength then?!
You cannot do that anyway, as there is always the question of how the 
key is used anyway (block or stream cipher, direct or indirect use of 
the key, environment of where the encryption is used, etc...). Only if 
the complete method of encyption and the environments are comparable, it 
makes sense to compare the key length, and then say that longer key 
length is safer than a shorter one. Just as stated above, even a 1024 
bit key for WEP with the new hacking methods could likely be cracked 
easier than a good 256 bit file encryption.

bye, Christian

-------------------------------------------------

Christian Langanke
COS2E & CWSE
Team OS/2 Ruhr e.V.
cla@clanganke.de

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
the mailing list .
To unsubscribe, E-mail to: 
To switch to the DIGEST mode, E-mail to 
To switch to the INDEX mode, E-mail to 
Send administrative queries to 
To subscribe (new addresses), E-mail to: and reply to the confirmation email.

This list is hosted by Rosenthal & Rosenthal
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



 		
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great rates starting at 1¢/min.
--0-957673942-1159781160=:30995
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit

<div>&gt;even a 1024 bit key for WEP with the new hacking methods could likely be</div>  <div>&gt;cracked easier than a good 256 bit file encryption.</div>  <div>&nbsp;</div>  <div>OK, as I started to wonder what good encryption does you in the 1st place..</div>  <div>Heck, after everyone made such a big splash about securing once WiFi access connections, that cracking crap comes along.</div>  <div>&nbsp;</div>  <div>Its like locking your door when anyone's got a key anyway!<BR><BR><BR><B><I>Christian Langanke &lt;os2-wireless_users@2rosenthals.com&gt;</I></B> wrote:</div>  <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">Rick R. wrote:<BR>&gt; That means 128bit is indeed only 104 bit "strong"?!<BR><BR>No, of course not. The IV of 24 bits is used as well for the encryption. <BR>Unfortunately, as long as this is not truly a random number, like it was <BR>defined in the specs (some older hardware used to increase a 24 bit
 <BR>number for the next package, starting from zero). This made a dictionary <BR>hacking approach more simple, which was the state-of-the-art hacking <BR>approach until mid of last year.<BR><BR>BTW, the weakness of WEP is more related to the way of how the key is <BR>used to cipher a TCP/IP package. Using 24 bits less would not make much <BR>difference.<BR><BR>The new hacking methods discovered last year (using some network <BR>techniques like error checks on corrupted frames) are far quicker than <BR>any dictionary approach, so even 1024 bit WEP keys wouldn't do much <BR>better. Cracking it would then take perhaps 20 mins and not five <BR>minutes. The bad thing on WEP is not the small number of bits in key <BR>length, but that the keys are static. that is changed by WPA, where the <BR>keys can be changed after a given period of time (in fact the 24 bit IV <BR>was kind of a workaround to make the WEP keys less static, but as we <BR>know now, this was not sufficient at
 all...). My access point offers to <BR>change the WPA key in minutes, so I set it to change it every minute.<BR><BR>BTW, XWLAN will come with WPA support soon. Unfortunately only for <BR>genmac driven devices, but the older drivers cannot be modified as they <BR>are closed source. For _secured_ wifi we need to dump the old PCMCIA <BR>cards I am afraid (but they are only 11mbit devices anyway). Or perhaps <BR>one day Willibald Meyer changes opinion and will support them as well in <BR>GenMac.<BR><BR>&gt; So you can't simply compare 128/256 bit file encrytpion to 128/256 bit <BR>&gt; WiFi encryption strength then?!<BR>You cannot do that anyway, as there is always the question of how the <BR>key is used anyway (block or stream cipher, direct or indirect use of <BR>the key, environment of where the encryption is used, etc...). Only if <BR>the complete method of encyption and the environments are comparable, it <BR>makes sense to compare the key length, and then say that longer
 key <BR>length is safer than a shorter one. Just as stated above, even a 1024 <BR>bit key for WEP with the new hacking methods could likely be cracked <BR>easier than a good 256 bit file encryption.<BR><BR>bye, Christian<BR><BR>-------------------------------------------------<BR><BR>Christian Langanke<BR>COS2E &amp; CWSE<BR>Team OS/2 Ruhr e.V.<BR>cla@clanganke.de<BR><BR>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=<BR>This message is sent to you because you are subscribed to<BR>the mailing list <OS2-WIRELESS_USERS@2ROSENTHALS.COM>.<BR>To unsubscribe, E-mail to: <OS2-WIRELESS_USERS-OFF@2ROSENTHALS.COM><BR>To switch to the DIGEST mode, E-mail to <OS2-WIRELESS_USERS-DIGEST@2ROSENTHALS.COM><BR>To switch to the INDEX mode, E-mail to <OS2-WIRELESS_USERS-INDEX@2ROSENTHALS.COM><BR>Send administrative queries to <OS2-WIRELESS_USERS-REQUEST@2ROSENTHALS.COM><BR>To subscribe (new addresses), E-mail to: <OS2-WIRELESS_USERS-ON@2ROSENTHALS.COM>and reply to the
 confirmation email.<BR><BR>This list is hosted by Rosenthal &amp; Rosenthal<BR>P.O. Box 281, Deer Park, NY 11729-0281. Non-<BR>electronic communications related to content<BR>contained in these messages should be directed<BR>to the above address. (CAN-SPAM Act of 2003)<BR><BR>=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=<BR><BR></BLOCKQUOTE><BR><p>&#32;
		<hr size=1>Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. <a href="http://us.rd.yahoo.com/mail_us/taglines/postman7/*http://us.rd.yahoo.com/evt=39666/*http://messenger.yahoo.com"> Great rates starting at 1¢/min.
--0-957673942-1159781160=:30995--