[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

Date: Tue, 07 Aug 2001 05:56:27 -0400
From: Avi Rubin <rubin at research.att.com>
Subject: WEP insecurity

   [Read it and WE(E)P, unless you already WEPt.  PGN]

We have a new paper:

Using the Fluhrer, Mantin, and Shamir Attack to Break WEP
by
Adam Stubblefield, John Ioannidis, and Aviel D. Rubin

We implemented an attack against WEP, the link-layer security protocol for
802.11 networks.  The attack was described in a recent paper by Fluhrer,
Mantin, and Shamir. With our implementation, and permission of the network
administrator, we were able to recover the 128-bit secret key used in a
production network, with a passive attack. The WEP standard uses RC4 IVs
improperly, and the attack exploits this design failure.  This paper
describes the attack, how we implemented it, and some optimizations to make
the attack more efficient. We conclude that 802.11 WEP is totally insecure,
and we provide some recommendations.

The paper is available at http://www.cs.rice.edu/~astubble/wep/

Avi Rubin, AT&T Labs - Research  http://avirubin.com/
White-Hat Security Arsenal:  http://white-hat.org/

		--Steve Bellovin, http://www.research.att.com/~smb

Prev by Date: [saag] Mailing list move
Next by Date: [no subject]
Previous by thread: [saag] Mailing list move
Next by thread: [no subject]
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.