I disagree with most of these statements about WEP, based on my personal testing. Please go read this posting I made a while ago:

http://www.mail-archive.com/[EMAIL PROTECTED]/msg06667.html

I made another post since then that I think had some additional information, but I can't seem to find it in the archives.

Yes, WEP is broken, but it is not nearly as bad as it is made out to be. It takes a fair amount of time to break WEP, especially with modern firmwares (which use weak key avoidance algorithms to mitigate the IV-related leakage). My experience (which is, admittedly, with business class access points and cards, not the disposable home kind) is that WEP has only about a 300 Kbps negative impact on performance, IIRC.

WEP is pretty good for the cost in most situations. Yes, you should use extra measures, especially in a corporate environment. But in a home environment, your risk is pretty low, because the threat level is pretty low, so adding a VPN on top of or instead of WEP is overkill[1]. Most wireless crackers are looking for free access, and it is easier to find an open access point than crack one with WEP on.

Also, when people say WEP can be cracked in a few seconds, that is a pretty gross misrepresentation. A few seconds, yes, after many hours (days, weeks, months, and yes, even years if it is properly secured and traffic is low enough) of capture time. Early reports from Airsnort were not accurate. From FAQ #9, after saying it would take 1-16 days to crack a key:

"We realize that some of our early numbers were much lower than this. The reason for this is simply that we were lucky in our initial tests, and we didn't actually calculate the average amount of time it would take. This can happen in the real world too, the best case and worst case are significantly different from the average case. All of the informal calculations performed here assume the average case. You should too."

This is without weak key avoidance patches (which you'd be a fool not to use, read the post I reference above). With weak key avoidance it's much longer by my tests.

One other thing to remember, when you have all your security beyond the wireless network itself, you expose all your clients to direct attack by anyone who associates with your AP. Make sure you have WOL turned off on all your clients...

Adam Augustine
[1] But then again, you can never have too much overkill.


Michael L Torrie wrote:


On Tue, 2004-01-06 at 10:02, Phillip Hellewell wrote:

I know 40-bit WEP is pretty lousy, but what about 128 bit?  Is it just
as insecure?  Well, it wouldn't surprise me...


The only current way to secure wireless is to turn off WEP, make the
wireless network a complete DMZ (no access to anything anywhere) and
then establish a VPN to a VPN server within the DMZ that bridges you
through into the real network.

Michael



Hopefully that new one they are talking about gets standardized pretty
soon.  I can't remember what it is called.

On Tue, Jan 06, 2004 at 09:52:56AM -0700, Carl Youngblood wrote:

Now you just need to figure out how to connect to an AP that used a
password to calculate the WEP key.  I don't know what kind of hashing
algorithm or what Linksys uses when you type in a password for your AP
and it converts it into a key.


WEP is so insecure that, if you can at all avoid using it, you should. It provides no additional security and just slows down your connection. But I guess you would still want to connect to an AP that has this turned on, even if it is a bad idea.


Carl



____________________
BYU Unix Users Group http://uug.byu.edu/
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
