
April 5th, 2007

German researchers put final nail in WEP

Posted by George Ou @ 1:21 am

Categories: Desktop, Hardware, Infrastructure, Microsoft, Mobile/Wireless, Networking, News, Security


A group of German cryptographic researchers (Erik Tews, Andrei Pychkine, and Ralf-Philipp Weinmann) in the cryptography and computer algebra group at the Technical University of Darmstadt in Germany has come up with a new statistical attack against WEP (Wired Equivalent Privacy) that's faster than anything achieved before. Wireless security researcher Jon "Johnny Cache" Ellch was so impressed with the work that he declared, "This is going to be more than an order of magnitude faster than all of the previous statistical attacks." Ellch added that the code weighed in at an "astounding 700 lines of code" and that he couldn't wait to start testing and re-implementing it.

Up until this point, with the KoReK class of attacks being the fastest thing around, I've typically considered WEP 104 (incorrectly known as WEP 128) to be breakable in just over eight minutes on average on an 802.11g network operating at peak 24 Mbps sustainable throughput. Under idle network conditions, a passive attack on WEP would be impractical, but an attacker can use ARP replay attacks to induce responses from legitimate hosts to generate data. Using the packet injection ARP replay attack, WEP 104-bit encryption would be broken in about 22 minutes on average.

But with the new aircrack-ptw (Pychkine Tews Weinmann) algorithm, which runs about 20 times faster than the previous class of WEP-cracking algorithms based on the work of hacker "KoReK," WEP can fall in an average of 20 seconds on an 802.11g network and an average of 80 seconds on an 802.11b network if the network is very busy. For an idle network that's being attacked with packet injection, WEP can fall in an average of 52 seconds for 802.11g or 3.5 minutes with 802.11b. But we have to assume the worst, and the cracking can sometimes happen even faster than the average times I listed. What this means is that WEP (even with dynamic key rotation) is officially broken beyond repair.

I had pretty much declared WEP dead more than two years ago, but there was some room left for aggressive dynamic WEP key rotation. Now that WPA and even WPA2 can be automatically deployed within the Windows environment, there really is no excuse to be using WEP anymore. As of this latest round of WEP-cracking with aircrack-ptw, I'm adding WEP to my list of wireless LAN myths as the seventh dumbest way to secure a wireless LAN. It's still at the bottom of the list because WEP at least still takes a little bit of work to crack, whereas it takes ZERO effort to crack MAC filtering, SSID hiding, and DHCP disabling.

Businesses can follow my ultimate enterprise wireless LAN security guide. Home users need to implement WPA-PSK with a simple random 10-character (or more) alphanumeric password. For those of you who own a Nintendo DS system, you may be tempted to downgrade your security to WEP to accommodate your WPA-incapable Nintendo DS. But you've been warned how dangerous it is to run WEP. When the Sony PSP came out with WEP-only support, I slammed them for it, and it got a lot of attention within the PSP community. A year after I slammed Sony for not putting in real wireless LAN security, it updated the PSP with a newer firmware that did support WPA security. The time has come for the Nintendo community to band together and demand a fix from Nintendo. There are also some other consumer electronics devices that support WEP only, and you'll need to complain to them as well to get a fix.


George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.

  • Talkback
  • Most Recent of 50 Talkback(s)
If it helps
I know one of the problematic installations is using a Linksys 802.11b wireless access point. It may simply be a compatibility issue, but it does work fine with the other four PCs using the same access point....
Posted by: nmh Posted on: 04/13/07
Speaking of Sony and wireless technology  nmh | 04/05/07
Let me check in to that  georgeou | 04/05/07
If it helps  nmh | 04/13/07
Nintendo made the move on the Wii, don't be so quick to judge George  Scrat | 04/05/07
WPA was widely available back then  georgeou | 04/05/07
DS Lite came out in 2006  MarvinK | 04/05/07
Thank you for the link  georgeou | 04/05/07
Can you please stop the...  pileofmonkeycrap | 04/05/07
That's the name he goes by.  georgeou | 04/05/07
Ha! That's funny! Ha! Ha!  Cayble | 04/05/07
A question about the DS  Michael Kelly | 04/05/07
Not many people will set up a DMZ for their DS  georgeou | 04/05/07
Like TiVo series 2 and certain adapters...  mrtuba9 | 04/05/07
Ah, I should have called out Tivo by name  georgeou | 04/05/07
Tivo does support WPA  Michael Kelly | 04/05/07
Who has time to hack WEP?  Narg | 04/05/07
People like you is why we need full disclosure  georgeou | 04/05/07
Stupid until you get pwned  klumper | 04/05/07
Have you heard of a court-ordered wire tap?  D. T. Schmitz | 04/08/07
WPA2 or even WPA is enough, don't need MAC filtering  georgeou | 04/08/07
ok thanks George happy  D. T. Schmitz | 04/08/07
Time?  justanitguy | 04/05/07
Loaded Survey, yet I agree.  KWierso | 04/05/07
How else should I word the survey?  georgeou | 04/05/07
It's still a real issue  AlanGeek | 04/06/07
Security and OS's  kRogue | 04/09/07
Ignorant to believe that's the only factor in security  georgeou | 04/09/07
too much coffee for Ou.  kRogue | 04/09/07
George, good point, but stop the loaded polls  TripleII | 04/06/07
Forget the nominal fee  georgeou | 04/06/07
Either way  TripleII | 04/06/07
WLAN Security for DS? Why on Earth?  kRogue | 04/08/07
small edit  kRogue | 04/08/07
And you don't think that's a bad thing?  georgeou | 04/08/07
That's nonsense  georgeou | 04/08/07
big antennas are not enough.  kRogue | 04/09/07
Are you even for real?  georgeou | 04/09/07
Response.  kRogue | 04/09/07
FYI  D. T. Schmitz | 04/09/07
oh man, about Ou..  kRogue | 04/09/07
Thank you Prof. kRogue  D. T. Schmitz | 04/09/07
Don't feed the troll, nt  georgeou | 04/09/07
or Ou for that matter?  kRogue | 04/10/07
Coming Soon: All Modern Encryption  bcroner | 04/09/07
Wait let me take a look  D. T. Schmitz | 04/09/07
What Next?  gazzerjay@... | 04/10/07
it's an arms race  kRogue | 04/10/07
You do not know what you're talking about, period. NT  georgeou | 04/11/07
what is your problem?  kRogue | 04/11/07
No, people have been trying to crack WPA for many years  georgeou | 04/11/07
