January 12th, 2003, 11:03 PM
I was looking at some math stuff and came across this link on the government and cryptography. I did a quick search here and it seems it hasn't been discussed in over a year. So, for anyone who's interested.....
Attached you will find a new paper which describes a truly practical direct attack on WEP's cryptography. It is an extremely powerful attack which can be applied even when WEP's RC4 stream cipher uses a 2048 bit secret key (its maximal size) and 128 bit IV modifiers (as proposed in WEP2). The attacker can be a completely passive eavesdropper (i.e., he does not have to inject packets, monitor responses, or use accomplices) and thus his existence is essentially undetectable. It is a pure known-ciphertext attack (i.e., the attacker need not know or choose their corresponding plaintexts). After scanning several hundred thousand packets, the attacker can completely recover the secret key and thus decrypt all the ciphertexts. The running time of the attack grows linearly instead of exponentially with the key size, and thus it is negligible even for 2048 bit keys.
January 13th, 2003, 12:28 AM
When it comes to breaking an algorithim the larger the traffic sample the better obviously. WEP should of gone with a different algorithim.