RSA Addresses 802.11b WLAN Security Flaw

R. A. Hettinga rah at
Mon Dec 17 18:23:55 EST 2001,3428,a%253D20192,00.asp

RSA Addresses 802.11b WLAN Security Flaw
December 17, 2001
By: Dennis Fisher , eWEEK

RSA Security, along with several encryption experts, has developed a new
technology that it says will solve one of the major security flaws in
802.11b wireless LANs.

WLANs have been beset by security problems almost since their introduction,
but the last year has been particularly troublesome for the much-hyped
802.11b standard. Security researchers found a flaw in the way the WEP
(wired equivalent privacy) encryption protocol implements the RC4 algorithm
that enables attackers to guess encryption keys by sniffing a small number
of packets.

RSA's technology, which the company developed in conjunction with engineers
from Hifn Inc. and other IEEE 802.11 committee members, addresses this
problem by generating a unique RC4 encryption key for each packet sent over
a WLAN. The Fast Packet Keying software saves time by precalculating some
of the data needed to generate the keys.

The technology has been accepted by the IEEE as an add-on to its 802.11
standard, RSA said.

RSA also got a helping hand in writing the software from Ron Rivest, one of
its founders and the author of the RC4 algorithm.

The new technology is intended to be a firmware or software patch for
existing WLANs.

"This shows that you can do it right with a correct implementation," said
Mike Vergara, director of product marketing at RSA in Bedford, Mass.
Copyright (c) 2001 Ziff Davis Media Inc. All Rights Reserved.
R. A. Hettinga <mailto: rah at>
The Internet Bearer Underwriting Corporation <>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list