Academic researchers have found an exploitable hole in a popular form of wireless networking encryption. The hole is in a part of 802.11i that forms the basis of WiFi Protected Access (WPA), so it could affect routers worldwide. German graduate student Erik Tews will present a paper at next week's PacSec in Tokyo, coauthored with fellow student and aircrack-ng team member Martin Beck, that reveals how remnants of WPA's predecessor allow them to slip a knife into a crack in the encryption scheme and send bogus data to an unsuspecting WiFi client.

In an interview from Germany, where he is a PhD candidate studying encryption at the Technical University of Darmstadt, Tews explained that an existing attack on Wired Equivalent Privacy (WEP) was modified to provide a slim vector for sending arbitrary data to networks that use the Temporal Key Integrity Protocol (TKIP). (Tews' collaborator Beck is a student at the Technical University of Dresden. Tews credits Beck with the discovery, after which they jointly developed the paper that Tews will present at PacSec.)

With the Tews/Beck method, an attacker sniffs a packet, makes minor modifications to affect the checksum, and checks the result by sending the packet back to the access point. The approach works only with short packets, but could allow ARP (Address Resolution Protocol) poisoning and possibly DNS (Domain Name System) spoofing or poisoning. "It's not a key recovery attack," Tews said, "It just allows you to do the decryption of individual packets." The paper, Practical Attacks against WEP and WPA, is now available for download.

WEP had as its goal a simple baseline: be as secure as an Ethernet jack. The IEEE's original 802.11 specification, and the 802.11b revision that inherited it, came with a basic encryption mechanism built in to assuage worries that data would simply be sent in the clear. Cracks were seen in 2001, and it was thoroughly broken as early as 2004; some researchers claim to be able to recover a WEP key in under a minute from an active network. (Most corporations relied on virtual private network connections, tunneled through access points placed outside a strong firewall, to allow WiFi use without compromising the network.)
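The step Tews describes, altering a sniffed packet so that its checksum still matches, works because the integrity check value (ICV) that WEP introduced and TKIP kept is a CRC-32, which is affine over GF(2): for messages of the same length, crc(a XOR b) = crc(a) XOR crc(b) XOR crc(zeros). An attacker who flips chosen bits of the encrypted payload can therefore compute the matching change to the encrypted ICV from the flipped bits alone, without the key or the keystream. The code below is an added illustration of that property; it is not code from the Tews/Beck paper or from aircrack-ng. It models a frame body as plaintext || ICV XORed with a keystream (random bytes stand in for the RC4 output, which the attacker never needs to know) and shows a naive edit being rejected while the repaired edit is accepted. The oracle step of replaying the packet to the access point, and TKIP's additional MIC and replay counters that the paper has to work around, are not modeled.

```python
import os
import zlib

# Toy model of a WEP/TKIP-style frame body: plaintext || ICV, where the ICV
# is a little-endian CRC-32 over the plaintext and the whole body is XORed
# with a keystream. Assumption: random bytes stand in for the RC4 keystream
# a real network derives from key and IV; the forgery never touches it.

def icv(data: bytes) -> bytes:
    return zlib.crc32(data).to_bytes(4, "little")

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(plaintext: bytes, keystream: bytes) -> bytes:
    body = plaintext + icv(plaintext)
    assert len(keystream) >= len(body)
    return xor(body, keystream)

def decrypt(ciphertext: bytes, keystream: bytes):
    """Return the plaintext if the ICV verifies, else None (frame dropped)."""
    body = xor(ciphertext, keystream)
    plaintext, tag = body[:-4], body[-4:]
    return plaintext if icv(plaintext) == tag else None

def forge(ciphertext: bytes, delta: bytes) -> bytes:
    """Flip the plaintext bits selected by `delta` inside an encrypted frame
    and repair the encrypted ICV without knowing key or keystream.

    CRC-32 is affine over GF(2) for a fixed length n:
        crc(a ^ b) = crc(a) ^ crc(b) ^ crc(0^n)
    so XORing delta into the plaintext changes the ICV by
    crc(delta) ^ crc(0^n), a value that depends on delta alone.
    """
    n = len(ciphertext) - 4
    assert len(delta) == n
    icv_delta = xor(icv(delta), icv(bytes(n)))
    return xor(ciphertext, delta + icv_delta)

# Constructed sample frame (not captured traffic): an ARP-reply-like payload
# whose last four bytes are the IPv4 address the attacker wants to change.
PLAINTEXT = b"ARP-REPLY:" + bytes([192, 168, 1, 1])
KEYSTREAM = os.urandom(len(PLAINTEXT) + 4)
CIPHERTEXT = encrypt(PLAINTEXT, KEYSTREAM)

def demo():
    """Rewrite 192.168.1.1 to 192.168.1.254 in the encrypted frame.

    Returns (result of a naive bit flip, result of the repaired forgery);
    the receiver drops the first and accepts the second.
    """
    delta = bytes(len(PLAINTEXT) - 1) + bytes([1 ^ 254])
    naive = xor(CIPHERTEXT, delta + bytes(4))   # flip bits, leave ICV alone
    fixed = forge(CIPHERTEXT, delta)            # flip bits, repair ICV
    return decrypt(naive, KEYSTREAM), decrypt(fixed, KEYSTREAM)

if __name__ == "__main__":
    naive, fixed = demo()
    print("naive edit accepted:", naive is not None)
    print("repaired edit accepted as:", fixed)
```

Because the repair depends only on the bits being flipped, the same `forge` call works for any delta of the right length; the receiver cannot tell the altered frame from a genuine one, which is why a CRC is an integrity check against line noise and not against an adversary.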