NEWS: Breaking WEP in minutes, or even seconds

<http://news.bbc.co.uk/2/hi/technology/6595703.stm>

...

Many home internet users rely on an encryption system called Wireless
Equivalent Protection (WEP) to stop others using their wi-fi link,
even though WEP has long been known to be flawed.

In early April three cryptographic researchers at the Darmstadt
Technical University in Germany revealed a method of exploiting the
flaws far more effectively.

Before now it took at least 20 minutes of monitoring the airwaves
before it was possible to break in to a wireless network protected by
WEP.

Now, armed with a program written by the researchers, it is possible
to break in to the same network far faster.

"Breaking in to a WEP protected network is now very easy to do," said
Erik Tews, one of the researchers.

"Doing it in 60 seconds is realistic, or five minutes in the very
worst case. We think now that WEP is really dead and we recommend
that no-one should use it."

In its place he recommends an encryption system called Wi-fi
Protected Access (WPA), introduced four years ago to replace WEP. "We
have had a very close look at WPA and we can't find anything to
exploit," he said.

[MORE]

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

On May 1, 5:51 am, John Navas <spamfilt...@navasgroup.com> wrote:
> <http://news.bbc.co.uk/2/hi/technology/6595703.stm>
>
> ...
>
> Many home internet users rely on an encryption system called Wireless
> Equivalent Protection (WEP) to stop others using their wi-fi link,
> even though WEP has long been known to be flawed.

Even WPA without extra hardening, can be broken, see below
instrcuction video:

http://www.youtube.com/watch?v=Ep3CRtzAM_E

-aljuhani

On 30 Apr 2007 21:00:07 -0700, aljuhani <(E-Mail Removed)>
wrote in <(E-Mail Removed) .com>:

>On May 1, 5:51 am, John Navas <spamfilt...@navasgroup.com> wrote:
>> <http://news.bbc.co.uk/2/hi/technology/6595703.stm>
>>
>> ...
>>
>> Many home internet users rely on an encryption system called Wireless
>> Equivalent Protection (WEP) to stop others using their wi-fi link,
>> even though WEP has long been known to be flawed.
>
>Even WPA without extra hardening, can be broken, see below
>instrcuction video:
>
>http://www.youtube.com/watch?v=Ep3CRtzAM_E

Utter nonsense -- too many serious errors for me to waste time listing
them (e.g., to disable SSID broadcast, which is worse than pointless).

WPA with a recommended passphrase defeats a brute force attack and thus
can't be broken by that silly video.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

aljuhani <(E-Mail Removed)> hath wroth:

>Even WPA without extra hardening, can be broken, see below
>instrcuction video:
>
>http://www.youtube.com/watch?v=Ep3CRtzAM_E

Yech, Powerpoint. Most of the presentation is about WEP cracking.
The WPA part uses aircrack and a dictionary attack. That only works
for fairly short pass phrases that are in the wordlist. Even simple
measures, such as using foreign words or long pass phrases, renders
the dictionary attack ineffective.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

John Navas <(E-Mail Removed)> wrote:

> <http://news.bbc.co.uk/2/hi/technology/6595703.stm>
>
> ...
>
> Many home internet users rely on an encryption system called Wireless
> Equivalent Protection (WEP) to stop others using their wi-fi link,
> even though WEP has long been known to be flawed.
>
> In early April three cryptographic researchers at the Darmstadt
> Technical University in Germany revealed a method of exploiting the
> flaws far more effectively.
>
> Before now it took at least 20 minutes of monitoring the airwaves
> before it was possible to break in to a wireless network protected by
> WEP.
>
> Now, armed with a program written by the researchers, it is possible
> to break in to the same network far faster.

The important words here are: "it is possible".

See:

Message-ID: <1hwnqj3.nbra9h6ty52aN%(E-Mail Removed)>

On Tue, 1 May 2007 12:33:52 +0200, (E-Mail Removed) (Axel
Hammerschmidt) wrote in <1hxfpfr.9v6zk5m0kg02N%(E-Mail Removed)>:

>John Navas <(E-Mail Removed)> wrote:
>
>> <http://news.bbc.co.uk/2/hi/technology/6595703.stm>
>>
>> ...
>>
>> Many home internet users rely on an encryption system called Wireless
>> Equivalent Protection (WEP) to stop others using their wi-fi link,
>> even though WEP has long been known to be flawed.
>>
>> In early April three cryptographic researchers at the Darmstadt
>> Technical University in Germany revealed a method of exploiting the
>> flaws far more effectively.
>>
>> Before now it took at least 20 minutes of monitoring the airwaves
>> before it was possible to break in to a wireless network protected by
>> WEP.
>>
>> Now, armed with a program written by the researchers, it is possible
>> to break in to the same network far faster.
>
>The important words here are: "it is possible".

Which, when it comes to security, should put the matter to rest.
Otherwise you're playing Russian Roulette.

>See:
>
>Message-ID: <1hwnqj3.nbra9h6ty52aN%(E-Mail Removed)>

That doesn't give me much sense of security. You?

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

On Tue, 01 May 2007 05:30:58 GMT, John Navas
<(E-Mail Removed)> wrote in
<(E-Mail Removed)>:

>On 30 Apr 2007 21:00:07 -0700, aljuhani <(E-Mail Removed)>
>wrote in <(E-Mail Removed) .com>:
>
>>On May 1, 5:51 am, John Navas <spamfilt...@navasgroup.com> wrote:
>>> <http://news.bbc.co.uk/2/hi/technology/6595703.stm>
>>>
>>> ...
>>>
>>> Many home internet users rely on an encryption system called Wireless
>>> Equivalent Protection (WEP) to stop others using their wi-fi link,
>>> even though WEP has long been known to be flawed.
>>
>>Even WPA without extra hardening, can be broken, see below
>>instrcuction video:
>>
>>http://www.youtube.com/watch?v=Ep3CRtzAM_E
>
>Utter nonsense -- too many serious errors for me to waste time listing
>them (e.g., to disable SSID broadcast, which is worse than pointless).
>
>WPA with a recommended passphrase defeats a brute force attack and thus
>can't be broken by that silly video.

p.s. WPA does have a weakness in that it can be attacked offline (using
captured data), but that weakness only matters in the case of weak
passphrases that can be cracked with a dictionary or brute force attack.
The recommended passphrase (longer than 20 characters) makes a
dictionary or brute force attack infeasible.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

John Navas <(E-Mail Removed)> wrote:

> On Tue, 1 May 2007 12:33:52 +0200, (E-Mail Removed) (Axel
> Hammerschmidt) wrote in <1hxfpfr.9v6zk5m0kg02N%(E-Mail Removed)>:
>
> >John Navas <(E-Mail Removed)> wrote:
> >
> >> <http://news.bbc.co.uk/2/hi/technology/6595703.stm>

<snip>

> >> Now, armed with a program written by the researchers, it is possible
> >> to break in to the same network far faster.
> >
> >The important words here are: "it is possible".
>
> Which, when it comes to security, should put the matter to rest.
> Otherwise you're playing Russian Roulette.

Why?

> >See:
> >
> >Message-ID: <1hwnqj3.nbra9h6ty52aN%(E-Mail Removed)>
>
> That doesn't give me much sense of security. You?

When you look closer, it's not a big deal.

On Tue, 1 May 2007 18:22:25 +0200, (E-Mail Removed) (Axel
Hammerschmidt) wrote in <1hxg4xi.111j4rg1t2w430N%(E-Mail Removed)>:

>John Navas <(E-Mail Removed)> wrote:

>> >> Now, armed with a program written by the researchers, it is possible
>> >> to break in to the same network far faster.
>> >
>> >The important words here are: "it is possible".
>>
>> Which, when it comes to security, should put the matter to rest.
>> Otherwise you're playing Russian Roulette.
>
>Why?

It's like unsafe sex. Infection is "possible", not certain, but the
consequences are high.

>> >See:
>> >
>> >Message-ID: <1hwnqj3.nbra9h6ty52aN%(E-Mail Removed)>
>>
>> That doesn't give me much sense of security. You?
>
>When you look closer, it's not a big deal.

We'll just have to agree to disagree. I sincerely wish you the best of
luck.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>

On Tue, 01 May 2007 02:51:09 GMT, in alt.internet.wireless , John
Navas <(E-Mail Removed)> wrote:

> Many home internet users rely on an encryption system called Wireless
> Equivalent Protection (WEP) to stop others using their wi-fi link,
> even though WEP has long been known to be flawed.

John, sorry to intrude, but you post this or a similar article often
enough for it to hit my troll filters now.

Perhaps you could try to post some actual new information about WEP
occasionally? I mean, everyone and their dog knows its crap, but just
bcos someon can do it slightly faster isn't news. Uunless the victim
is a worthy target nobody is going to bother anyway.

MJMM, hiding behind more layers than Shrek.

--
Mark McIntyre