1

I've been reading up on wireless authentication and shared key authentication sounds completely bonkers. I know WEP is very insecure and breaking it with aircrack-ng takes 5-15 minutes but this sounds worse.

Basics:

  1. The station sends an authentication request to the access point.

  2. The access point sends challenge text to the station.

  3. The station uses its configured 64-bit or 128-bit default key to encrypt the challenge text, and it sends the encrypted text to the access point.

If someone is monitoring this authentication he will have the text challenge in plain text and its encrypted counterpart. Figuring out the passphrase from here on seems straight forward.

Am I understanding this correctly?

yggur
  • 11
  • 3
  • 6
    No, used WPA2+AES – RoraΖ Oct 24 '14 at 15:41
  • Could you elaborate? – yggur Oct 24 '14 at 15:45
  • See this related question and the answer from Polynomial : http://security.stackexchange.com/q/17434/9792 . – dan Oct 24 '14 at 16:06
  • 1
    @yggur You seem to understand the vulnerabilities with WEP. WEP is no longer considered secure, and it is highly encouraged to use WPA2-AES instead. – RoraΖ Oct 24 '14 at 18:34
  • Thanks for your answer raz. I am not using WEP and I wouldn't think of it but I want to understand the flaws of the older systems better before conquer the new ones :) – yggur Oct 25 '14 at 14:54

1 Answers1

3

The part of WEP you describe isn't really a major weakness because most encryption algorithms in use today are immune to known-plaintext attacks. Basically, this means that having access to both the encrypted data and the decrypted plaintext will not help you figure out the key in any way - so "figuring out the password from here" would NOT be straightforward. And since the challenge is different every time, an attacker cannot simply replay a previous solution to the router.

The main weakness of WEP is that to encrypt, it XORs the bits of network traffic with a generated keystream. This isn't inherently bad, but the same keystream cannot be used twice with this system - and in WEP, the keystream generation process is flawed. The keystream is generated from a random IV (sent to clients in plaintext) and the network key (the password you type into your computer to connect). The network key is the same every time, of course, so if two packets use the same IV, the keystream will also be the same. With only 16 million possible IVs, an attacker can easily capture two packets that share an IV on a busy network, making it easy to work out the keystream and then the key.

tlng05
  • 10,244
  • 1
  • 33
  • 36
  • What about an offline brute-force attack? That is really the question I'm asking. Let's say for a WEP-40 system that is using 5 ASCII characters you have 62 possible characters ([0-9] + [a-z] + [A-Z]), 62^5 ~ 900 million possibilities. If you have WEP-104 it increases by a bit and becomes significantly harder (16-base 26 characters ~ 2+E31 possibilities). I'm not considering using WEP, just trying to understand more about it. – yggur Oct 25 '14 at 15:17
  • @yggur the length of the key is largely irrelevant because when you use the IV attack method, you're not brute forcing, but rather gathering information that allows you to work backward to find the key. – tlng05 Oct 26 '14 at 18:52