[83708] in cryptography@c2.net mail archive
Re: WEP cracked even worse
daemon@ATHENA.MIT.EDU (Ralf-Philipp Weinmann)
Thu Apr 5 15:52:58 2007
In-Reply-To: <01e301c77659$f70008d0$2e08a8c0@CAM.ARTIMI.COM>
Cc: "'Perry E. Metzger'" <perry@piermont.com>, <cryptography@metzdowd.com>
From: Ralf-Philipp Weinmann <weinmann@cdc.informatik.tu-darmstadt.de>
Date: Thu, 5 Apr 2007 17:31:46 +0200
To: "Dave Korn" <dave.korn@artimi.com>
X-MailScanner-From: weinmann@cdc.informatik.tu-darmstadt.de
On Apr 4, 2007, at 03:38 , Dave Korn wrote:
> On 04 April 2007 00:44, Perry E. Metzger wrote:
>
>> Not that WEP has been considered remotely secure for some time, but
>> the best crack is now down to 40,000 packets for a 50% chance of
>> cracking the key.
>>
>> http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/
>
>
> Sorry, is that actually better than "The final nail in WEP's =20
> coffin", which
> IIUIC can get the entire keystream (who needs the key?) in log2=20
> (nbytes) packet
> exchanges (to oversimplify a bit, but about right order-of-magnitude)?
Hi Dave,
this of course is a question of how you value an attack: a key =20
recovery usually is worth more than a decryption oracle.
To send arbitrary packets with the fragmentation attacks described in =20=
[1, Section 2.6], you need just a single (suitable) data packet. =20
However, in order to decrypt packets, you need either 2 (connectivity =20=
to other networks that you have a host on that you can control, e.g =20
the internet) or approx. 2^7 packets (no access to outside hosts) =20
_per byte_ that you want to decrypt. Our method surely pays of if you =20=
want to decrypt more than a handful of packets.
Cheers,
Ralf
[1] Andrea Bittau, Mark Handley, Joshua Lackey
The Final Nail in WEP=92s Coffin
IEEE Symposium on Security and Privacy 2006,
http://doi.ieeecomputersociety.org/10.1109/SP.2006.40=
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
