On Apr 4, 2007, at 03:38 , Dave Korn wrote:

On 04 April 2007 00:44, Perry E. Metzger wrote:

Not that WEP has been considered remotely secure for some time, but
the best crack is now down to 40,000 packets for a 50% chance of
cracking the key.


Sorry, is that actually better than "The final nail in WEP's coffin", which IIUIC can get the entire keystream (who needs the key?) in log2 (nbytes) packet
exchanges (to oversimplify a bit, but about right order-of-magnitude)?

Hi Dave,

this of course is a question of how you value an attack: a key recovery usually is worth more than a decryption oracle.

To send arbitrary packets with the fragmentation attacks described in [1, Section 2.6], you need just a single (suitable) data packet. However, in order to decrypt packets, you need either 2 (connectivity to other networks that you have a host on that you can control, e.g the internet) or approx. 2^7 packets (no access to outside hosts) _per byte_ that you want to decrypt. Our method surely pays of if you want to decrypt more than a handful of packets.


[1] Andrea Bittau, Mark Handley, Joshua Lackey
    The Final Nail in WEP’s Coffin
    IEEE Symposium on Security and Privacy 2006,
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to