Email address obfuscation in effect -- please
click here to turn it off.
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
- To: EMAIL:PROTECTED
- Subject: Re: [MLUG - DISCUSSION] Crack'n WEP
- From: John Kimball <EMAIL:PROTECTED>
- Date: Tue, 05 Apr 2005 12:13:16 -0500
- In-reply-to: <EMAIL:PROTECTED>
- References: <EMAIL:PROTECTED>
- Reply-to: MLUG Off-Topic Discussion <EMAIL:PROTECTED>
- Sender: EMAIL:PROTECTED
- User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)
>>> On Tue, 5 Apr 2005 00:04:53 Andrew Deering wrote:
AD> I was thinking the exact thing. If these 128-bit WEP keys can be
cracked, what's keeping my shell access safe?
The WEP designers did the equivalent of installing an expensive
high-tech lock and then putting the key under the doormat. The great
lock (128 bit key) is no good if the rest of the system makes it easy to
work around.
They used good security primitives but in putting the system together
they made multiple classic blunders. (Not the one about starting a land
war in Asia, but the one about reusing a stream cipher's IV, and about
using an unkeyed redundancy code for authentication.)
The replacement for WEP, WPA, is considerably better.
I remember being surprised at the mistakes in WEP, but now that I'm
somewhat involved in the development of the security standard for Zigbee
wireless networking, I can see how mistakes happen. Someone said --
"Standards are like sausages, you don't want to watch them being made."
John K
j j k i m b a l l @ a c m . o r g
Honeywell / Columbia, MO
_______________________________________________
discussion mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/discussion
Home | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact