(keitai-l) Re: 802.11b security [was: VoIP blah blah]

From: Ben Hutchings <ben.hutchings_at_roundpoint.com>
Date: 08/15/01
Message-ID: <70B689D6582BF04690D425A24AB386E408C466@presidio.roundpoint.co.uk>

Benjamin Kowarsch wrote:
> >* The security of 802.11b is pretty much easy to hack
> >   and the best is: You don't need a physical connection
> >   to the network.
> 
> Where did you get that from ?
> 
> I don't know what kind of base station you are referring to but it
> is very easy to make 802.11b very secure by just checking a few tick
> boxes

You mean, it's possible to obtain a false sense of security by ticking
a few boxes.

<snip>
> 2) WEP encryption
> 
> this means nothing is sent unencrypted.

But the encryption can be broken, quite easily.  See
<http://www.crypto.com/papers/others/rc4_ksaproc.ps> - or just this
sentence from the abstract: "Finally, we show that RC4 is completely
insecure in a common mode of operation which is used in the widely
deployed Wired Equivalent Privacy protocol (WEP, which is part of the
802.11 standard), in which a fixed secret key is concatenated with
known IV modifiers in order to encrypt different messages."

The 802.11x standard appears to fix this problem, which was suspected
to be a weakness even before this recent publication.

<snip> 
> 3) access control
> 
> where I enter the ethernet hardware address of the WiFi cards I
> allow to access my network.

If someone can break WEP encryption, then they can find one of the
valid hardware addresses and tell their hardware to use it.  (Hardware
addresses are not really fixed.)

Received on Wed Aug 15 17:59:32 2001
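
The construction named in the abstract quoted above (a fixed secret concatenated with a cleartext IV to form the RC4 key), as an added Python example that is not part of the original message or the cited paper. The 40-bit secret, IVs and payloads are constructed sample values, the ICV and key-ID byte are omitted, and it shows the keystream repeating when an IV repeats rather than the paper's key-recovery result.

```python
# Added illustration. Secret, IVs and payloads below are constructed sample values.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling (KSA), then n bytes of output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_seal(iv: bytes, secret: bytes, payload: bytes) -> bytes:
    """Cleartext 3-byte IV, then payload XOR RC4(IV || secret)."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    return iv + xor(payload, rc4_keystream(iv + secret, len(payload)))

def public_key_fraction(secret: bytes) -> float:
    """Share of each per-frame RC4 key that is sent in the clear."""
    return 3 / (3 + len(secret))

def xor_of_plaintexts(frame_a: bytes, frame_b: bytes):
    """Same IV + same secret => same keystream, so it cancels out.
    Returns payload_a XOR payload_b, or None when the IVs differ."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor(frame_a[3:], frame_b[3:])

SECRET = bytes.fromhex("0102030405")             # constructed 40-bit WEP secret
P1, P2 = b"GET /index.html", b"POST /login.cgi"  # constructed payloads, 15 bytes each

if __name__ == "__main__":
    a = wep_seal(b"\x00\x00\x01", SECRET, P1)
    b = wep_seal(b"\x00\x00\x01", SECRET, P2)    # IV repeats
    c = wep_seal(b"\x00\x00\x02", SECRET, P2)    # fresh IV
    print("public share of RC4 key:", public_key_fraction(SECRET))
    print("reused IV leaks P1^P2:", xor_of_plaintexts(a, b) == xor(P1, P2))
    print("fresh IV comparison:", xor_of_plaintexts(a, c))
```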