Security using WEP 128 (104)bit

Hi All,

Can anyone point me to a reliable reference that gives guidance as to
the appropriate frequency of key changes required to make WEP 128 bit
practically safe ?

Thanks,

Neil

"Neil" <(E-Mail Removed)> wrote in news:c4psk1$27g0$(E-Mail Removed):

> Can anyone point me to a reliable reference that gives guidance as to
> the appropriate frequency of key changes required to make WEP 128 bit
> practically safe ?

It depends on the traffic on your network.

But on a high traffic network, WEP 64 takes a 2 - 4 hours. WEP 128 about 8
- 40 hours.


Use WPA if possible.

--
Lucas Tam ((E-Mail Removed))
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

"Lucas Tam" <(E-Mail Removed)> wrote in message
news:Xns94C1B6B03B58Fnntprogerscom@140.99.99.130.. .
> "Neil" <(E-Mail Removed)> wrote in news:c4psk1$27g0$(E-Mail Removed):
>
>> Can anyone point me to a reliable reference that gives guidance as to
>> the appropriate frequency of key changes required to make WEP 128 bit
>> practically safe ?
>
> It depends on the traffic on your network.
>
> But on a high traffic network, WEP 64 takes a 2 - 4 hours. WEP 128 about 8
> - 40 hours.
>
>
> Use WPA if possible.
>
> --
> Lucas Tam ((E-Mail Removed))
> Please delete "REMOVE" from the e-mail address when replying.
> http://members.ebay.com/aboutme/coolspot18/

Are you talking about the number of hours required to crack both 64 and 128
WEP?

Harryc
--

"Harry C" <(E-Mail Removed)> wrote in
news:QM0cc.11090$(E-Mail Removed):

>> But on a high traffic network, WEP 64 takes a 2 - 4 hours. WEP 128
>> about 8 - 40 hours.
>>
> Are you talking about the number of hours required to crack both 64
> and 128 WEP?


Ha Ha... yes.

Geez, must of fell asleep at the keyboard.



--
Lucas Tam ((E-Mail Removed))
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

Cracking 128-bit WEP key takes about 8 to 40 hours? Ha-ha-ha-ha, yeah
right! Have you tried cracking WEP key your own WAP? Theoritically WEP
keys are crackable but not that easy, allec. There are only 2 *nix based
programs that I know of, none runs on Windows. If crackers would see the
WEP keys in plain text, what then if I use Hex of these non-printable
characters:

Char Oct Dec Hex Control-Key Control Action
NUL 0 0 00 ^@ Null character
SOH 1 1 01 ^A Start of heading, = console interrupt
STX 2 2 02 ^B Start of text, maintenance mode on HP console
ETX 3 3 03 ^C End of text
EOT 4 4 04 ^D End of transmission, not the same as ETB
ENQ 5 5 05 ^E Enquiry, goes with ACK; old HP flow control
ACK 6 6 06 ^F Acknowledge, clears ENQ logon hand
BEL 7 7 07 ^G Bell, rings the bell...
BS 10 8 08 ^H Backspace, works on HP terminals/computers
HT 11 9 09 ^I Horizontal tab, move to next tab stop
LF 12 10 0a ^J Line Feed
VT 13 11 0b ^K Vertical tab
FF 14 12 0c ^L Form Feed, page eject
CR 15 13 0d ^M Carriage Return
SO 16 14 0e ^N Shift Out, alternate character set
SI 17 15 0f ^O Shift In, resume defaultn character set
DLE 20 16 10 ^P Data link escape
DC1 21 17 11 ^Q XON, with XOFF to pause listings; "kay to send".
DC2 22 18 12 ^R Device control 2, block-mode flow control
DC3 23 19 13 ^S XOFF, with XON is TERM=18 flow control
DC4 24 20 14 ^T Device control 4
NAK 25 21 15 ^U Negative acknowledge
SYN 26 22 16 ^V Synchronous idle
ETB 27 23 17 ^W End transmission block, not the same as EOT
CAN 30 24 17 ^X Cancel line, MPE echoes !!!
EM 31 25 19 ^Y End of medium, Control-Y interrupt
SUB 32 26 1a ^Z Substitute
ESC 33 27 1b ^[ Escape, next character is not echoed
FS 34 28 1c ^\ File separator
GS 35 29 1d ^] Group separator
RS 36 30 1e ^^ Record separator, block-mode terminator
US 37 31 1f ^_ Unit separator

How many people would try to crack WEP key of someone else WAP just to
access the Internet for free when there are lots of stupid people out
there who leave their WAP's security disabled?

On Mon, 5 Apr 2004, Lucas Tam wrote:

> "Harry C" <(E-Mail Removed)> wrote in
> news:QM0cc.11090$(E-Mail Removed):
>
> >> But on a high traffic network, WEP 64 takes a 2 - 4 hours. WEP 128
> >> about 8 - 40 hours.
> >>
> > Are you talking about the number of hours required to crack both 64
> > and 128 WEP?
>
>
> Ha Ha... yes.
>
> Geez, must of fell asleep at the keyboard.
>
>
>
>

JimboLee2@NETZER0@.NET wrote:

> If crackers would see the
> WEP keys in plain text, what then if I use Hex of these non-printable
> characters:

Crackers don't see any plain text. The programs used to break the WEP,
simply get enough info to calculate the key. Using non plain text keys
only reduces the chance of someone using a dictionary attack.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

Thanks All for the interesting responses, getting back to the original
question,

Can anyone point me to a reliable reference that gives guidance as to
the appropriate frequency of key changes (time or data) required to make WEP
128 bit practically safe ?

Regards,

Neil


"James Knott" <(E-Mail Removed)> wrote in message
news:PGacc.12431$(E-Mail Removed) e.rogers.com...
> JimboLee2@NETZER0@.NET wrote:
>
> > If crackers would see the
> > WEP keys in plain text, what then if I use Hex of these non-printable
> > characters:
>
> Crackers don't see any plain text. The programs used to break the WEP,
> simply get enough info to calculate the key. Using non plain text keys
> only reduces the chance of someone using a dictionary attack.
>
> --
>
> Fundamentalism is fundamentally wrong.
>
> To reply to this message, replace everything to the left of "@" with
> james.knott.

"Neil" <(E-Mail Removed)> wrote in news:c4rdsm$2td$(E-Mail Removed):

> Can anyone point me to a reliable reference that gives guidance as to
> the appropriate frequency of key changes (time or data) required to
> make WEP 128 bit practically safe ?

We did answer your question... WEP is insecure, so no amount of keychanges
will secure your network.

I say change your key once every couple of months. If you're uber paranoid,
once a day or once a week.

Otherwise see if your AP supports WPA - it's much more secure.

--
Lucas Tam ((E-Mail Removed))
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

"JimboLee2@NETZER0@.NET" <(E-Mail Removed)> wrote in
news:Pine.LNX.4.44.0404042324470.1411-100000@localhost:

> If crackers would see the
> WEP keys in plain text, what then if I use Hex of these non-printable
> characters:
>

It doesn't matter - the programs reverse calculate the keys, so it doesn't
matter what you use for your keys.

As long as the program is able to capture enough packets... your keys will
be cracked.



--
Lucas Tam ((E-Mail Removed))
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

Lucas Tam <(E-Mail Removed)> wrote in
news:Xns94C2546F64B3Enntprogerscom@140.99.99.130:

> I say change your key once every couple of months. If you're uber
> paranoid, once a day or once a week.

Then again I haven't changed my 40-bit key in a couple years and never had
a problem.

--
Lucas Tam ((E-Mail Removed))
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/