Re: WEP: 64 bit or 128 bit?

From: Shill (devnull@example.com)
Date: 03/13/03 

From: Shill <devnull@example.com>
Date: Thu, 13 Mar 2003 23:54:41 +0100

>> The key recovery attack [1] works regardless of the size of the IV.
>> Moreover, "the passive ciphertext-only attack on this mode can
>> recover an arbitrarily long key in a negligible amount of time
>> which grows only linearly with its size, both for 24 and 128 bit IV
>> modifiers".
>>
>> In other words, if an attacker needs N packets to recover a
>> "64-bit" WEP key (5-byte secret key) then he would only need, on
>> average, 2.6*N packets to recover a "128-bit WEP" key (13-byte
>> secret key).
>
> Ummm, where did you come up with "2.6*N packets"? To the best of my
> knowledge, the number of packets required is essentially independent
> of key length. The amount of computation required increases as the
> number of key bits does increase (as the attack recovers individual
> key bytes is sequence). However, the attacker can reuse the same
> packet capture to attack the next key byte, and so he doesn't need to
> capture anything fresh.

My bad. I misunderstood this sentence from your paper: "the passive
ciphertext-only attack on this mode can recover an arbitrarily long key
in a negligible amount of time which grows only linearly with its size,
both for 24 and 128 bit IV modifiers".

The time needed to recover the key is O(n) with n the size of the secret
key, but the number of packets needed is O(1) because if an IV leads to
the resolved condition, then it can be reused to guess subsequent key
bytes. Is that correct?

I was wondering, did you see this post of mine:
http://groups.google.com/groups?selm=b23g5t$2e5a$1@norfair.nerim.net&output=gplain

Relevant Pages

  • Re: WEP: 64 bit or 128 bit?
    ... > ciphertext-only attack on this mode can recover an arbitrarily long key ... > The time needed to recover the key is Owith n the size of the secret ... but the number of packets needed is Obecause if an IV leads to ... which would take about 50 or so chosen IVs to recover a key byte. ...
    (sci.crypt)
  • Re: WEP: 64 bit or 128 bit?
    ... > Since it is commonly accepted that WEP is insecure because of the ... The key recovery attack works regardless of the size of the IV. ... "the passive ciphertext-only attack on this mode can recover ... if an attacker needs N packets to recover a "64-bit" ...
    (sci.crypt)
  • Re: SYN Attacks - how i cant stop it
    ... > FBSD club, would you please review the following. ... > # control how network packets are handled after IPFW or IPFILTER ... > these MIB. ... > # the two queues which are targeted by this type of attack should ...
    (FreeBSD-Security)
  • Re: SYN Attacks - how i cant stop it
    ... > FBSD club, would you please review the following. ... > # control how network packets are handled after IPFW or IPFILTER ... > these MIB. ... > # the two queues which are targeted by this type of attack should ...
    (freebsd-questions)
  • Re: Port 80 SYN flood-like behavior
    ... > were on the receiving end of such an attack a little over one month ago. ... > across a LARGE number of TCP servers. ... > SYN/ACK packets ... ... Traffic reflection off routers ...
    (Incidents)