By Eric Griffith
April 09, 2007
More than a nail in the coffin, this new attack should be the final layer of dirt on the broken encryption method’s grave.
It’s no secret that wired equivalent privacy (WEP) is considered the biggest joke in security since those guys in the red shirts on Star Trek. Last week, the joke got even funnier when researchers managed to crack 104-bit WEP encryption in less than a minute.
With the right tools and some time, anyone can crack WEP by gathering enough information from the airwaves, which is then used to figure out the pass-phrase protecting the wireless link. The more packets gathered, the better the chance of success. Traditionally, though, the packet gathering still took time — sometimes hours to get the 4 to 6 million packets needed. Later, that was reduced: 500,000 to 2 million packets.
Researchers at the Darmstadt University of Technology in Darmstadt, Germany have reduced the number yet again, to just 40,000 captured packets. That gave them enough to get a 50% probability of recovering the passkey. 60,000 packets pushed the chance to 80%, and 85,000 made it 95%. They did this with a tool they call aircrack-ptw, and they wrote a paper about it, available here.Their recommendation is pretty obvious: WEP should not be used. It’s better than no security, but it’s also close to no security if you’ve got trespassers with enough desire and smarts. As they say in the paper, “While arguably still providing a weak deterrent against casual attackers in the past, the attack presented in this paper greatly improves the ease with which the security measure can be broken.” And it’s true — there are still products coming out today that only support WEP, even though Wi-Fi Protected Access (WPA) officially replaced it long ago. It has been required by the Wi-Fi Alliance since 2006 for a product to be Wi-Fi Certified.
That said, companies like AirDefense say that businesses still have a lot invested in legacy WEP-only products, and in some cases — like retail distribution centers — it could take millions of dollars to upgrade the equipment. That’s why they offer a module for their security software called WEP Cloaking, which sends out extra packets to prevent aircrack-like tools from gathering the data they need. AirDefense says it plans to stay ahead of new WEP cracking efforts, and claims it is already successful in beating this new under-60-second crack.