Josh,

Thanks for the information. You are correct that WPA2 has a much higher security level than WEP. WEP should only be used when the radio clients do not support WPA or WPA2. Most PDAs or barcode scanners do not support it. So it is either WEP + key rotation or nothing. We still believe it is very difficult in a practical situation to decrypt the information when using short rotation intervals. We also base it on a test at the What the Hack conference last year, where the setup with WEP and short key rotation survived the event.

As far as the WEP key rotation is concerned, you are correct that a large number of APs do not support that. We reported that back to 4 suppliers, all of which provided an update. We checked the key rotation in the (Linux) driver and checked if a new key was indeed provided.

Wim Bos

-----Original Message-----
From: Joshua Wright [mailto:[EMAIL PROTECTED]
Sent: Sunday 29 October 2006 15:01
To: wim
Subject: Re: [WIRELESS-LAN] Dynamic WEP transition to WPA

> So when rotating the key every 3 minutes, it is still unhackable. You
> might be able to decrypt the 3 minutes of traffic.

This is incorrect; there are plenty of mechanisms to manipulate the network even with very short key rotation. Further, I don't believe many implementations even rotate unicast keys regularly; you might want to ask your AP provider about that. If you want to watch for yourself, capture a trace for 10 minutes for a single station and watch the WEP IV counter (you'll need a station that selects WEP IV sequentially). If it resets to 0 every 3 minutes, you may have key rotation support on your AP. If not, chances are you use the same WEP key for the duration of the client's session, until they log off and log in again.

> We have tried the method, but see no possibility with short rotation
> times.

Attacks like the WEP ICV inverse induction (chopchop) and replay attacks and PRGA determination from the 802.2 LLC header (Sorbox) are all possible with short key rotation intervals. On an 802.11a network, I wouldn't be surprised if traffic injection attacks are able to generate the 100,000+ packets needed to mount the extended FMS attacks within 3 minutes.

WEP does not provide a measure of security that can be relied upon for confidentiality or integrity of wireless networks. Move to WPA2 if at all possible.

-Josh

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
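
The check described in the quoted message (watch one station's WEP IV counter and see whether it returns to 0 at the rotation interval), as an added example that is not part of the original messages. It assumes the 4-byte WEP headers for a single station have already been extracted from the capture, that the station counts its IV sequentially in big-endian order, and it runs on constructed traces; all function names are hypothetical.

```python
IV_MAX = 0xFFFFFF  # WEP IVs are 24 bits wide

def parse_wep_header(header: bytes):
    """Split the 4-byte WEP header (3-byte IV, then key-ID byte) into (iv, key_id)."""
    if len(header) < 4:
        raise ValueError("need 4 bytes: 3-byte IV + key-ID byte")
    # Assumption: the station counts its IV big-endian; use "little" if yours does not.
    return int.from_bytes(header[:3], "big"), header[3] >> 6

def find_iv_resets(samples, near_zero=256):
    """samples: time-ordered (seconds, wep_header) pairs for one station.
    Returns the timestamps where the IV counter restarted near zero."""
    resets, prev = [], None
    for ts, header in samples:
        iv, _key_id = parse_wep_header(header)
        restarted = prev is not None and iv < prev and iv < near_zero
        # A counter that simply ran past 2^24 also lands on 0; that is not a rekey.
        if restarted and prev < IV_MAX - near_zero:
            resets.append(ts)
        prev = iv
    return resets

def verdict(resets, expected=180.0, tolerance=15.0):
    """Compare the gaps between resets with the configured rotation interval."""
    gaps = [b - a for a, b in zip(resets, resets[1:])]
    if not gaps:
        return "no periodic reset seen"
    if all(abs(g - expected) <= tolerance for g in gaps):
        return "resets match the rotation interval"
    return "resets seen, but not at the rotation interval"

def constructed_trace(seconds, rate, rekey_every=None, start_iv=0):
    """Constructed sample data: one station sending `rate` frames per second."""
    trace, iv = [], start_iv
    for n in range(seconds * rate):
        if rekey_every and n and n % (rekey_every * rate) == 0:
            iv = 0  # new key installed, counter restarts
        trace.append((n / rate, iv.to_bytes(3, "big") + b"\x00"))
        iv = (iv + 1) & IV_MAX
    return trace

if __name__ == "__main__":
    for label, rekey in (("rotating AP", 180), ("static key", None)):
        resets = find_iv_resets(constructed_trace(600, 10, rekey))
        print(label, resets, verdict(resets))
```
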
