[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How secure is OpenBSD software wep?



There are a number of generic WEP attacks:
1) dictionary (the old ticks endure....)
2) Weak IV (weak key) generation / rotation.
3) MIC (aka bit-flipping) attacks [MIC=message integrity check]

1) Will be here all the time we don't use certificates.
2) Is *generally* avoidable, and I would
expect IV generation in openbsd to be really good.
3) Is impossible to defend against with just WEP. WiFi (+Cisco) fixed
this with a MIC outside the encrypted data, allowing the AP/peer to
drop bit flipped or otherwise invalid frames silently.

3) Is the real reason that WiFi is better, but WiFi also supports
per-packet-keying (aka TKIP), which gives the whole datastream that
block-chaining robustness, and WEP never has TKIP, and so will always
be vulnerable to 1) for both confidentiality and authentication.

But to answer your main question, weak keys is simply poor random
number generation, and I would expect that getting 'poor' random number
from _any_ OpenBSD API to be quite hard :-)

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom_(_at_)_devitto_(_dot_)_com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----Original Message-----
From: owner-misc_(_at_)_openbsd_(_dot_)_org [mailto:owner-misc_(_at_)_openbsd_(_dot_)_org] On Behalf Of
Andreas Bartelt
Sent: Monday, December 08, 2003 7:27 PM
To: misc_(_at_)_OpenBSD_(_dot_)_org
Subject: How secure is OpenBSD software wep?

Hi,

I'm wondering if there are known attacks against OpenBSD software wep (with
104bit wep key). On deadly.org I've read that software wep is capable of
weak key avoidance.

How much traffic must approximately be sniffed to compute the key? Or isn't
this possible at all when using weak key avoidance?

Are there other known methods to break wep (assuming weak key avoidance is
enabled)?

regards,
Andreas



Visit your host, monkey.org