Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: InfoSec Handlers Diary Blog - Is WEP dead yet? Should it be? InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Is WEP dead yet? Should it be?

Published: 2007-04-04
Last Updated: 2007-04-04 20:51:32 UTC
by Jim Clausing (Version: 2)
0 comment(s)
We've known almost from its release, that there were some significant weaknesses in WEP (Wired Equivalent Privacy).  AirSnort and WEPcrack among other packages have been able to crack WEP keys fairly easily if they could sniff enough of the encrypted traffic.  One of our readers (thanx, Mike) noted a new paper by three folks from the Darmstadt Technical University in Germany entitled Breaking 104 bit WEP in less than 60 seconds.  They explain how an updated attack on the underlying RC4 algorithm allows much faster cracking of WEP (over an order of magnitude faster), than previously realized.  We have long recommended that WEP be abandoned in favor of WPA2 (or, even better, WPA2).  This new work demonstrates that WEP is little more than an annoyance to folks really interested in seeing your traffic.
Keywords:
0 comment(s)
Diary Archives