Gone in Sixty Seconds
Written by Editor   
Thursday, 05 April 2007 11:06

No, it isn’t a film with Nicolas Cage; it is how long it now takes to crack WEP encryption, which is sometimes still used to secure 802.11 wireless networks. Researchers at Technische Universität Darmstadt have further refined attacks against the RC4 cipher used in WEP, enabling compromise of a WEP session within sixty seconds.

The problems with WEP have been known for years, and its insecurities are well understood, which is why we now have WPA1 and WPA2. However, Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin of Darmstadt have developed a technique that recovers a 104-bit WEP key in just 60 seconds.

They can recover a 104-bit WEP key using fewer than 40,000 captured wireless frames with a success probability of 50%. To achieve a 95% success rate, 85,000 packets are needed.

This technique reduces the number of required frames by more than an order of magnitude compared with the best known key-recovery attacks for WEP. The paper also covers how, on an IEEE 802.11g network, the required number of frames can be obtained by re-injection in less than a minute. From there, the computational power required to recover the key is negligible.

Overall, the attack is an extension of an attack by Andreas Klein, which was the basis for the paper ‘Attacks on the RC4 stream cipher’. You can find the full paper describing this attack here along with Andreas Klein’s paper here. There is also a special version of Aircrack developed by the researchers at Darmstadt to exploit their attack, which is available here.

It seems odd, however, that this would be so important, yet oddly, as I sit here and write this, I can see SIX wireless networks and the Virus.Org one is the only one with WPA2 enabled. Oddly, every other one is running WEP and two of them are 'BT Home Hubs', which are sold to the public as having 'Built-in' security and come by default with just WEP enabled.

