Security Basics mailing list archives
Re: Is Dynamic WEP Secure Enough?
From: Vladamir <wireless.insecurity () gmail com>
Date: Mon, 21 Mar 2005 19:49:27 -0500
Wep is secure as long as you don't see sharing all your resources with an attacker.
Kelly Martin wrote:
No, WEP can be cracked in less than ten minutes (even on a network without much traffic - a hacker can stimulate his own traffic). Rotating keys just isn't enough to cover the weaknesses, unless you want to rotate keys every three minutes. :) Personally I think WPA is the only way to go, or else you might as well keep the network open and turn WEP off entirely.We published the following articles by Michael Ossmann on SecurityFocus recently:WEP: Dead Again, Part 1 http://www.securityfocus.com/infocus/1814 WEP: Dead Again, Part 2 http://www.securityfocus.com/infocus/1824 Regards, Kelly Martin Jon Smith wrote:HiI am responsible for a large wireless infrastructure upgrade. Right now my plan is use PEAP w MSCHAP v2 with dynamic WEP crypto for my corporate SSID (I have others with much lower security requirements). I cannot easily go to WPA without ditching all my current devices that do not support it (good luck getting that past the CFO). We have a lot of physical security and surveillance with very tight controls, my primary area of concern would be people like myself sitting in the parking lot. Due to one of our applications, we will be sending a clear strong signal to the parking lot. Is this enough security and encryption to significantly slow intrusion attempts? Between direction finding capabilities of the Access Points and our roaming guards it would be a matter of time before we detected them.Thanks Rocko _________________________________________________________________Is your PC infected? Get a FREE online computer virus scan from McAfee® Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
Current thread:
- Is Dynamic WEP Secure Enough? Jon Smith (Mar 21)
- Re: Is Dynamic WEP Secure Enough? John Pettitt (Mar 21)
- Re: Is Dynamic WEP Secure Enough? Vladamir (Mar 21)
- Re: Is Dynamic WEP Secure Enough? Kelly Martin (Mar 21)
- Re: Is Dynamic WEP Secure Enough? Vladamir (Mar 22)
- RE: Is Dynamic WEP Secure Enough? David Gillett (Mar 22)
- Re: Is Dynamic WEP Secure Enough? Steve (Mar 22)
- <Possible follow-ups>
- Re: Is Dynamic WEP Secure Enough? Jon Smith (Mar 22)
- Re: Is Dynamic WEP Secure Enough? shankarnarayan.d (Mar 23)
- Re: Is Dynamic WEP Secure Enough? John Pettitt (Mar 23)
- Re: Is Dynamic WEP Secure Enough? Vladamir (Mar 23)
- Re: Is Dynamic WEP Secure Enough? Kinnell (Mar 28)