WEP: Even Deader Than Before

Carl Weinschenk

It takes about a minute to microwave a cup of coffee, make a bed -- or crack Wired Equivalent Protocol (WEP) security.

It's long been known that WEP is insecure. Indeed, that's why the Wi-Fi Alliance came up with Wi-Fi Protected Access (WPA), which now is required for gear to be certified by the organization. WEP's insecurity doesn't mean that a lot of gear in the field isn't still using the discredited approach, however.

It's been reported at Newswireless and elsewhere that WEP got another kick in the shins this week when three researchers from Darmstadt Technical University released a paper that suggests the system can be beaten in about a minute.

Hacking WEP involves collecting enough of the bits floating through the air to decode the pass phrase protecting the link. The researchers have figured out a way to drastically cut the number of packets -- and hence the time needed -- to have a good chance of guessing the pass-phrase. http://www.wi-fiplanet.com/news/article.php/3670601

Wi-Fi Planet has a good description of the researchers' work. Initially, 4 million to 6 million packets had to be collected to do the job; that number eventually shrunk to 500,000 to 2 million packets. The Darmstadt researchers used a tool called aircrack-ptw to cut the packets necessary to 40,000.

Doing so, the piece says, provides a 50 percent chance of guessing the key. Incrementally raising the number of packets plucked from the air -- and slightly increasing the time span -- improves the odds of successfully cracking the code. For instance, the tool has a 95 percent chance of guessing the pass-phrase if it has 85,000 packets with which to work.

It would be wrong to dismiss the importance of this news by saying that WEP was hacked anyway. The new tool makes it so easy to crack the code that even a minimal level of protection has disappeared. That's disquieting, since the reality is that corporate inertia and budgetary constraints often keep organizations from doing what they should do. Bottom line: A lot of corporate systems still rely on WEP. Security staffers should pay particular attention to their telecommuting contingent, since these workers tend to fall through the cracks of corporate policies and, in most cases, pay little attention to security matters.





Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Close
Thanks for your registration, follow us on our social networks to keep up-to-date