Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

IP: New results on WEP (fwd)

From: David Farber <dave () farber net>
Date: Thu, 26 Jul 2001 19:59:09 -0400




To: cryptography () wasabisystems com
Subject: New results on WEP (fwd)
Date: Wed, 25 Jul 2001 19:13:29 -0400
From: Matt Blaze <mab () research att com>
Sender: owner-cryptography () wasabisystems com


Adi Shamir and his colleagues have some interesting
new results on RC4 with a practical attack against WEP.
With Adi's permission, I've made available a (PostScript)
copy of a draft of his paper at:
  http://www.crypto.com/papers/others/rc4_ksaproc.ps

(Fortunately, as far as I know WEP isn't used for copy protection,
so it's still legal to disseminate and traffic in this kind
of information...)

- -matt

- ------ Forwarded Message

Date: Thu, 26 Jul 2001 00:50:03 +0300
From: Shamir Adi <shamir () wisdom weizmann ac il>
Organization: Weizmann Institute of Sciense, Faculty of Mathematics
To: mab () research att com
Subject: New results on WEP

Dear Matt,

WEP is the security protocol used in the widely deployed
IEEE 802.11 wireless LAN's. This protocol received a lot
of attention this year, and several groups of researchers
have described a number of ways to bypass its security.

Attached you will find a new paper which describes a truly
practical direct attack on WEP's cryptography. It is an
extremely powerful attack which can be applied even when
WEP's RC4 stream cipher uses a 2048 bit secret key (its
maximal size) and 128 bit IV modifiers (as proposed in WEP2).
The attacker can be a completely passive eavesdropper (i.e.,
he does not have to inject packets, monitor responses, or
use accomplices) and thus his existence is essentially
undetectable. It is a pure known-ciphertext attack
(i.e., the attacker need not know or choose their
corresponding plaintexts). After scanning several hundred
thousand packets, the attacker can completely recover the
secret key and thus decrypt all the ciphertexts. The running
time of the attack grows linearly instead of exponentially
with the key size, and thus it is negligible even for 2048
bit keys.

I'll appreciate your comments and suggestions. Please feel
free to forward this email to your colleagues.


Sincerely yours,

Adi Shamir




For archives see: http://www.interesting-people.org/
Previous By Date Next
Previous By Thread Next

Current thread: