New results on WEP (fwd)

Matt Blaze mab at research.att.com
Wed Jul 25 19:13:29 EDT 2001 

Adi Shamir and his colleagues have some interesting
new results on RC4 with a practical attack against WEP.
With Adi's permission, I've made available a (PostScript)
copy of a draft of his paper at:
  http://www.crypto.com/papers/others/rc4_ksaproc.ps

(Fortunately, as far as I know WEP isn't used for copy protection,
so it's still legal to disseminate and traffic in this kind
of information...)

-matt

------ Forwarded Message

Date: Thu, 26 Jul 2001 00:50:03 +0300
From: Shamir Adi <shamir at wisdom.weizmann.ac.il>
Organization: Weizmann Institute of Sciense, Faculty of Mathematics
To: mab at research.att.com
Subject: New results on WEP

Dear Matt,

WEP is the security protocol used in the widely deployed 
IEEE 802.11 wireless LAN's. This protocol received a lot 
of attention this year, and several groups of researchers 
have described a number of ways to bypass its security. 

Attached you will find a new paper which describes a truly 
practical direct attack on WEP's cryptography. It is an 
extremely powerful attack which can be applied even when 
WEP's RC4 stream cipher uses a 2048 bit secret key (its 
maximal size) and 128 bit IV modifiers (as proposed in WEP2). 
The attacker can be a completely passive eavesdropper (i.e., 
he does not have to inject packets, monitor responses, or 
use accomplices) and thus his existence is essentially 
undetectable. It is a pure known-ciphertext attack 
(i.e., the attacker need not know or choose their 
corresponding plaintexts). After scanning several hundred 
thousand packets, the attacker can completely recover the 
secret key and thus decrypt all the ciphertexts. The running 
time of the attack grows linearly instead of exponentially 
with the key size, and thus it is negligible even for 2048 
bit keys.

I'll appreciate your comments and suggestions. Please feel 
free to forward this email to your colleagues.


Sincerely yours,

Adi Shamir


------- End of Forwarded Message






---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list