Mailing List os2-wireless_users@2rosenthals.com Archived Message #1515

From: "Rick R." <os2-wireless_users@2rosenthals.com> Full Headers
Undecoded message
Subject: Re: [OS2Wireless]Re: 104-bit WEP Key
Date: Mon, 2 Oct 2006 02:26:00 -0700 (PDT)
To: OS/2 Wireless Users Mailing List <os2-wireless_users@2rosenthals.com>

>even a 1024 bit key for WEP with the new hacking methods could likely be
>cracked easier than a good 256 bit file encryption.
 
OK, as I started to wonder what good encryption does you in the 1st place..
Heck, after everyone made such a big splash about securing once WiFi access connections, that cracking crap comes along.
 
Its like locking your door when anyone's got a key anyway!


Christian Langanke <os2-wireless_users@2rosenthals.com> wrote:
Rick R. wrote:
> That means 128bit is indeed only 104 bit "strong"?!

No, of course not. The IV of 24 bits is used as well for the encryption.
Unfortunately, as long as this is not truly a random number, like it was
defined in the specs (some older hardware used to increase a 24 bit
number for the next package, starting from zero). This made a dictionary
hacking approach more simple, which was the state-of-the-art hacking
approach until mid of last year.

BTW, the weakness of WEP is more related to the way of how the key is
used to cipher a TCP/IP package. Using 24 bits less would not make much
difference.

The new hacking methods discovered last year (using some network
techniques like error checks on corrupted frames) are far quicker than
any dictionary approach, so even 1024 bit WEP keys wouldn't do much
better. Cracking it would then take perhaps 20 mins and not five
minutes. The bad thing on WEP is not the small number of bits in key
length, but that the keys are static. that is changed by WPA, where the
keys can be changed after a given period of time (in fact the 24 bit IV
was kind of a workaround to make the WEP keys less static, but as we
know now, this was not sufficient at all...). My access point offers to
change the WPA key in minutes, so I set it to change it every minute.

BTW, XWLAN will come with WPA support soon. Unfortunately only for
genmac driven devices, but the older drivers cannot be modified as they
are closed source. For _secured_ wifi we need to dump the old PCMCIA
cards I am afraid (but they are only 11mbit devices anyway). Or perhaps
one day Willibald Meyer changes opinion and will support them as well in
GenMac.

> So you can't simply compare 128/256 bit file encrytpion to 128/256 bit
> WiFi encryption strength then?!
You cannot do that anyway, as there is always the question of how the
key is used anyway (block or stream cipher, direct or indirect use of
the key, environment of where the encryption is used, etc...). Only if
the complete method of encyption and the environments are comparable, it
makes sense to compare the key length, and then say that longer key
length is safer than a shorter one. Just as stated above, even a 1024
bit key for WEP with the new hacking methods could likely be cracked
easier than a good 256 bit file encryption.

bye, Christian

-------------------------------------------------

Christian Langanke
COS2E & CWSE
Team OS/2 Ruhr e.V.
cla@clanganke.de

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message is sent to you because you are subscribed to
the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
To switch to the INDEX mode, E-mail to
Send administrative queries to
To subscribe (new addresses), E-mail to: and reply to the confirmation email.

This list is hosted by Rosenthal & Rosenthal
P.O. Box 281, Deer Park, NY 11729-0281. Non-
electronic communications related to content
contained in these messages should be directed
to the above address. (CAN-SPAM Act of 2003)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min.
Subscribe: Feed, Digest, Index.
Unsubscribe
Mail to ListMaster