What will happen if a WEP authentication challenge string is reused? If the access point ran out of unique random numbers and reused one then what would happen? I'd think that if challenges were reused then an eavesdropper could intercept the challenge and the response, store them, and wait for the challenge to be used again to use the stolen response. Then the attacker could connect without the WEP key. However, since there's a flaw that allows for an attacker intercept a challenge and response pair and connect without knowing the WEP key, then is it really so bad if a challenge repeats? Would it be insecure to use the same challenge over and over again?
Asked
Active
Viewed 130 times
1
-
There is also a flaw that allows an attacker to recover the WEP key, see aircrack-ng for a practical example. – André Borie Nov 13 '16 at 02:30
-
I saw a post on here earlier about aircrack-ng and I think I'll look into it. Are there any flaws that are based upon the theoretical possibility of a repeated challenge string? – tpm900 Nov 13 '16 at 02:33
-
No idea, I haven't actually studied the protocol. – André Borie Nov 13 '16 at 02:34