RE: WEP cracked even worse

2007-04-05 Thread Dave Korn
On 04 April 2007 00:44, Perry E. Metzger wrote:

 Not that WEP has been considered remotely secure for some time, but
 the best crack is now down to 40,000 packets for a 50% chance of
 cracking the key.
 
 http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/


  Sorry, is that actually better than The final nail in WEP's coffin, which
IIUIC can get the entire keystream (who needs the key?) in log2(nbytes) packet
exchanges (to oversimplify a bit, but about right order-of-magnitude)?

cheers,
  DaveK
-- 
Can't think of a witty .sigline today

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: WEP cracked even worse

2007-04-05 Thread Ralf-Philipp Weinmann


On Apr 4, 2007, at 03:38 , Dave Korn wrote:


On 04 April 2007 00:44, Perry E. Metzger wrote:


Not that WEP has been considered remotely secure for some time, but
the best crack is now down to 40,000 packets for a 50% chance of
cracking the key.

http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/



  Sorry, is that actually better than The final nail in WEP's  
coffin, which
IIUIC can get the entire keystream (who needs the key?) in log2 
(nbytes) packet

exchanges (to oversimplify a bit, but about right order-of-magnitude)?



Hi Dave,

this of course is a question of how you value an attack: a key  
recovery usually is worth more than a decryption oracle.


To send arbitrary packets with the fragmentation attacks described in  
[1, Section 2.6], you need just a single (suitable) data packet.  
However, in order to decrypt packets, you need either 2 (connectivity  
to other networks that you have a host on that you can control, e.g  
the internet) or approx. 2^7 packets (no access to outside hosts)  
_per byte_ that you want to decrypt. Our method surely pays of if you  
want to decrypt more than a handful of packets.


Cheers,
Ralf

[1] Andrea Bittau, Mark Handley, Joshua Lackey
The Final Nail in WEP’s Coffin
IEEE Symposium on Security and Privacy 2006,
http://doi.ieeecomputersociety.org/10.1109/SP.2006.40
-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


WEP cracked even worse

2007-04-03 Thread Perry E. Metzger

Not that WEP has been considered remotely secure for some time, but
the best crack is now down to 40,000 packets for a 50% chance of
cracking the key.

http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/

-- 
Perry E. Metzger[EMAIL PROTECTED]

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]