Re: How secure is OpenBSD software wep?

["Dom De Vitto" <dom_(_at_)_DeVitto_(_dot_)_com>]

Yup, and it's always worth mentioning what WEP stands for:
"Wired Equivalent Privacy"

e.g. the same level of privacy you cat from CAT5 networks -
that's right, the ones you use IPSEC, SSH and HTTPS on....

And in reality, 'WEP' doesn't provide anything like W.E.P. :-)

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto                                       Tel. 07855 805 271
http://www.devitto.com                         mailto:dom_(_at_)_devitto_(_dot_)_com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-----Original Message-----
From: owner-misc_(_at_)_openbsd_(_dot_)_org [mailto:owner-misc_(_at_)_openbsd_(_dot_)_org] On Behalf Of
Chuck Yerkes
Sent: Tuesday, December 09, 2003 1:07 AM
To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: How secure is OpenBSD software wep?

LEAP is Cisco proprietary.
TKIP, as far as I know, is NOT proprietary.

IPSEC and even PPTP are better to use than regular ol' WEP.

Quoting Bo Byrd (bo_(_at_)_bbyrd_(_dot_)_net):
> The OS you are using wont matter as part of generating weak or strong 
> keys.  The problem isnt necessarily with WEP, just how they decided to 
> impoliment it with the IV.  Since the IV is only 4 bits there are only
> 16 possibilities for its state.  So it ends up repeating a lot, 
> through no fault of an operating system, its just an implimentation 
> flaw that could have been fixed but they decided there was too much 
> product out there to risk looking bad by making it all obsolete with a wep
fix.
> 
> 
> Cisco has a good solution for using TKIP with WEP, that is pretty much 
> uncrackable, but I have yet to see anything like TKIP working with 
> hostap as of yet.
> 
> -Bo