List Info

Thread: WEP cracked even worse
WEP cracked even worse
country flaguser name
United States		 2007-04-03 18:43:36 
Not that WEP has been considered remotely secure for some
time, but
the best crack is now down to 40,000 packets for a 50%
chance of
cracking the key.

http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/

-- 
Perry E. Metzger		perrypiermont.com

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
RE: WEP cracked even worse
country flaguser name
United Kingdom		 2007-04-03 20:38:37 
On 04 April 2007 00:44, Perry E. Metzger wrote:

> Not that WEP has been considered remotely secure for
some time, but
> the best crack is now down to 40,000 packets for a 50%
chance of
> cracking the key.
> 
> http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/


  Sorry, is that actually better than "The final nail
in WEP's coffin", which
IIUIC can get the entire keystream (who needs the key?) in
log2(nbytes) packet
exchanges (to oversimplify a bit, but about right
order-of-magnitude)?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
Re: WEP cracked even worse
country flaguser name
Germany		 2007-04-05 10:31:46 
On Apr 4, 2007, at 03:38 , Dave Korn wrote:

> On 04 April 2007 00:44, Perry E. Metzger wrote:
>
>> Not that WEP has been considered remotely secure
for some time, but
>> the best crack is now down to 40,000 packets for a
50% chance of
>> cracking the key.
>>
>> http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/
>
>
>   Sorry, is that actually better than "The final
nail in WEP's  
> coffin", which
> IIUIC can get the entire keystream (who needs the key?)
in log2 
> (nbytes) packet
> exchanges (to oversimplify a bit, but about right
order-of-magnitude)?


Hi Dave,

this of course is a question of how you value an attack: a
key  
recovery usually is worth more than a decryption oracle.

To send arbitrary packets with the fragmentation attacks
described in  
[1, Section 2.6], you need just a single (suitable) data
packet.  
However, in order to decrypt packets, you need either 2
(connectivity  
to other networks that you have a host on that you can
control, e.g  
the internet) or approx. 2^7 packets (no access to outside
hosts)  
_per byte_ that you want to decrypt. Our method surely pays
of if you  
want to decrypt more than a handful of packets.

Cheers,
Ralf

[1] Andrea Bittau, Mark Handley, Joshua Lackey
     The Final Nail in WEP’s Coffin
     IEEE Symposium on Security and Privacy 2006,
     http://doi.ieeecomputersociety.org/10.1109/SP.2006.40
------------------------------------------------------------
---------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography"
to majordomometzdowd.com
[1-3]

about | contact  Other archives ( Real Estate discussion Medical topics )