John Kimball wrote:
> AD> I was thinking the exact thing. If these 128-bit WEP keys can be
> cracked, what's keeping my shell access safe?
>
> The WEP designers did the equivalent of installing an expensive
> high-tech lock and then putting the key under the doormat. The great
> lock (128 bit key) is no good if the rest of the system makes it easy
> to work around.
>
> They used good security primitives but in putting the system together
> they made multiple classic blunders. (Not the one about starting a
> land war in Asia, but the one about reusing a stream cipher's IV, and
> about using an unkeyed redundancy code for authentication.)
>
> The replacement for WEP, WPA, is considerably better.
>
> I remember being surprised at the mistakes in WEP, but now that I'm
> somewhat involved in the development of the security standard for
> Zigbee wireless networking, I can see how mistakes happen. Someone
> said -- "Standards are like sausages, you don't want to watch them
> being made."

The problem is less that WEP isn't very good (it isn't), or that WPA is
that much better (which it is). The problem is that, given unlimited
access to a resource, no matter how good the security, it can be
broken. The wireless signal flat out violates rule #1 in security in
that there is no physical limitation in accessing it.

Don't get me wrong, I think wireless is great. It simply isn't secure,
so you should treat it as such. I'm actually pushing for wireless at
work, but want it to be a very limited connection and require VPN to
access the production network. That way, even when the WEP/WPA is
cracked, they still have to work on cracking the VPN to get anything
useful out of it.

--
death (
life++;
);
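
The two WEP blunders named in the quoted message (a reused stream-cipher IV and an unkeyed redundancy code used for authentication), shown as an added Python example that is not part of either poster's message. It assumes WEP's construction of RC4 keyed with IV || key and a CRC-32 checksum encrypted along with the payload; the keys, IV, function names and the HMAC comparison are constructed for illustration.

```python
import hashlib, hmac, zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream."""
    s, j = list(range(256)), 0
    for i in range(256):                          # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i, j, out = 0, 0, bytearray()
    for _ in range(n):                            # keystream output
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def crc(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def seal(iv: bytes, key: bytes, msg: bytes) -> bytes:
    """WEP-style body: RC4(iv || key) XOR (msg || CRC-32(msg))."""
    body = msg + crc(msg)
    return xor(body, rc4(iv + key, len(body)))

def open_crc(iv: bytes, key: bytes, ct: bytes):
    """Decrypt, then accept the frame only if the unkeyed CRC matches."""
    body = xor(ct, rc4(iv + key, len(ct)))
    return body[:-4] if crc(body[:-4]) == body[-4:] else None

def tag(mac_key: bytes, ct: bytes) -> bytes:
    """Keyed alternative: HMAC-SHA256 over the ciphertext."""
    return hmac.new(mac_key, ct, hashlib.sha256).digest()

def hmac_ok(mac_key: bytes, t: bytes, ct: bytes) -> bool:
    return hmac.compare_digest(t, tag(mac_key, ct))

def same_iv_leaks_xor(iv: bytes, key: bytes, m1: bytes, m2: bytes) -> bool:
    """Blunder 1: one IV means one keystream, which cancels in c1 XOR c2."""
    c1, c2 = seal(iv, key, m1), seal(iv, key, m2)
    return xor(c1, c2)[:len(m1)] == xor(m1, m2)

def modify_without_key(ct: bytes, delta: bytes) -> bytes:
    """Blunder 2: CRC-32 is affine, so the checksum change is computable."""
    return xor(ct, delta + xor(crc(delta), crc(bytes(len(delta)))))

# Constructed sample values, not real traffic.
KEY, MAC_KEY, IV = bytes(range(13)), b"constructed-mac-key", b"\x00\x00\x01"
```
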