Re: Is Dynamic WEP Secure Enough?

[Vladamir <wireless.insecurity () gmail com>]

Wep is secure as long as you don't see sharing all your resources with 
an attacker.

Kelly Martin wrote:
> No, WEP can be cracked in less than ten minutes (even on a network 
> without much traffic - a hacker can stimulate his own traffic). Rotating 
> keys just isn't enough to cover the weaknesses, unless you want to 
> rotate keys every three minutes. :) Personally I think WPA is the only 
> way to go, or else you might as well keep the network open and turn WEP 
> off entirely.
>
> We published the following articles by Michael Ossmann on SecurityFocus 
> recently:
>
> WEP: Dead Again, Part 1  http://www.securityfocus.com/infocus/1814
> WEP: Dead Again, Part 2  http://www.securityfocus.com/infocus/1824
>
> Regards,
>
> Kelly Martin
>
>
> Jon Smith wrote:
>
> > Hi
> > I am responsible for a large wireless infrastructure upgrade.  Right 
> > now my plan is use PEAP w MSCHAP v2 with dynamic WEP crypto for my 
> > corporate SSID (I have others with much lower security requirements).  
> > I cannot easily go to WPA without ditching all my current devices that 
> > do not support it (good luck getting that past the CFO).  We have a 
> > lot of physical security and surveillance with very tight controls, my 
> > primary area of concern would be people like myself sitting in the 
> > parking lot.  Due to one of our applications, we will be sending a 
> > clear strong signal to the parking lot.  Is this enough security and 
> > encryption to significantly slow intrusion attempts?  Between 
> > direction finding capabilities of the Access Points and our roaming 
> > guards it would be a matter of time before we detected them.
> >
> > Thanks
> >
> > Rocko
> >
> > _________________________________________________________________
> > Is your PC infected? Get a FREE online computer virus scan from 
> > McAfee® Security. 
> > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963