Security using WEP 128 (104)bit

Neil · Apr 5, 2004

Archived from groups: alt.internet.wireless (More info?)

Hi All,

Can anyone point me to a reliable reference that gives guidance as to
the appropriate frequency of key changes required to make WEP 128 bit
practically safe ?

Thanks,

Neil

Guest · Apr 5, 2004

Archived from groups: alt.internet.wireless (More info?)

"Neil" <me@home.com> wrote in news:c4psk1$27g0$1@otis.netspace.net.au:

> Can anyone point me to a reliable reference that gives guidance as to
> the appropriate frequency of key changes required to make WEP 128 bit
> practically safe ?

It depends on the traffic on your network.

But on a high traffic network, WEP 64 takes a 2 - 4 hours. WEP 128 about 8
- 40 hours.

Use WPA if possible.

--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

Guest · Apr 5, 2004

Archived from groups: alt.internet.wireless (More info?)

"Lucas Tam" <REMOVEnntp@rogers.com> wrote in message
news:Xns94C1B6B03B58Fnntprogerscom@140.99.99.130...
> "Neil" <me@home.com> wrote in news:c4psk1$27g0$1@otis.netspace.net.au:
>
>> Can anyone point me to a reliable reference that gives guidance as to
>> the appropriate frequency of key changes required to make WEP 128 bit
>> practically safe ?
>
> It depends on the traffic on your network.
>
> But on a high traffic network, WEP 64 takes a 2 - 4 hours. WEP 128 about 8
> - 40 hours.
>
>
> Use WPA if possible.
>
> --
> Lucas Tam (REMOVEnntp@rogers.com)
> Please delete "REMOVE" from the e-mail address when replying.
> http://members.ebay.com/aboutme/coolspot18/

Are you talking about the number of hours required to crack both 64 and 128
WEP?

Harryc
--

ANON · Apr 5, 2004

Archived from groups: alt.internet.wireless (More info?)

Cracking 128-bit WEP key takes about 8 to 40 hours? Ha-ha-ha-ha, yeah
right! Have you tried cracking WEP key your own WAP? Theoritically WEP
keys are crackable but not that easy, allec. There are only 2 *nix based
programs that I know of, none runs on Windows. If crackers would see the
WEP keys in plain text, what then if I use Hex of these non-printable
characters:

Char Oct Dec Hex Control-Key Control Action
NUL 0 0 00 ^@ Null character
SOH 1 1 01 ^A Start of heading, = console interrupt
STX 2 2 02 ^B Start of text, maintenance mode on HP console
ETX 3 3 03 ^C End of text
EOT 4 4 04 ^D End of transmission, not the same as ETB
ENQ 5 5 05 ^E Enquiry, goes with ACK; old HP flow control
ACK 6 6 06 ^F Acknowledge, clears ENQ logon hand
BEL 7 7 07 ^G Bell, rings the bell...
BS 10 8 08 ^H Backspace, works on HP terminals/computers
HT 11 9 09 ^I Horizontal tab, move to next tab stop
LF 12 10 0a ^J Line Feed
VT 13 11 0b ^K Vertical tab
FF 14 12 0c ^L Form Feed, page eject
CR 15 13 0d ^M Carriage Return
SO 16 14 0e ^N Shift Out, alternate character set
SI 17 15 0f ^O Shift In, resume defaultn character set
DLE 20 16 10 ^P Data link escape
DC1 21 17 11 ^Q XON, with XOFF to pause listings; "

kay to send".
DC2 22 18 12 ^R Device control 2, block-mode flow control
DC3 23 19 13 ^S XOFF, with XON is TERM=18 flow control
DC4 24 20 14 ^T Device control 4
NAK 25 21 15 ^U Negative acknowledge
SYN 26 22 16 ^V Synchronous idle
ETB 27 23 17 ^W End transmission block, not the same as EOT
CAN 30 24 17 ^X Cancel line, MPE echoes !!!
EM 31 25 19 ^Y End of medium, Control-Y interrupt
SUB 32 26 1a ^Z Substitute
ESC 33 27 1b ^[ Escape, next character is not echoed
FS 34 28 1c ^\ File separator
GS 35 29 1d ^] Group separator
RS 36 30 1e ^^ Record separator, block-mode terminator
US 37 31 1f ^_ Unit separator

How many people would try to crack WEP key of someone else WAP just to
access the Internet for free when there are lots of stupid people out
there who leave their WAP's security disabled?

On Mon, 5 Apr 2004, Lucas Tam wrote:

> "Harry C" <harryc@net.invalid> wrote in
> news:QM0cc.11090$W57.3191@nwrdny03.gnilink.net:
>
> >> But on a high traffic network, WEP 64 takes a 2 - 4 hours. WEP 128
> >> about 8 - 40 hours.
> >>
> > Are you talking about the number of hours required to crack both 64
> > and 128 WEP?
>
>
> Ha Ha... yes.
>
> Geez, must of fell asleep at the keyboard.
>
>
>
>

Guest · Apr 5, 2004

Archived from groups: alt.internet.wireless (More info?)

"Harry C" <harryc@net.invalid> wrote in
news:QM0cc.11090$W57.3191@nwrdny03.gnilink.net:

>> But on a high traffic network, WEP 64 takes a 2 - 4 hours. WEP 128
>> about 8 - 40 hours.
>>
> Are you talking about the number of hours required to crack both 64
> and 128 WEP?

Ha Ha... yes.

Geez, must of fell asleep at the keyboard.

--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

Guest · Apr 5, 2004

Archived from groups: alt.internet.wireless (More info?)

JimboLee2@NETZER0@.NET wrote:

> If crackers would see the
> WEP keys in plain text, what then if I use Hex of these non-printable
> characters:

Crackers don't see any plain text. The programs used to break the WEP,
simply get enough info to calculate the key. Using non plain text keys
only reduces the chance of someone using a dictionary attack.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

Guest · Apr 5, 2004

Archived from groups: alt.internet.wireless (More info?)

"JimboLee2@NETZER0@.NET" <anon@pop.netzero.net> wrote in
news

ine.LNX.4.44.0404042324470.1411-100000@localhost:

> If crackers would see the
> WEP keys in plain text, what then if I use Hex of these non-printable
> characters:
>

It doesn't matter - the programs reverse calculate the keys, so it doesn't
matter what you use for your keys.

As long as the program is able to capture enough packets... your keys will
be cracked.

--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

gary · Apr 5, 2004

Archived from groups: alt.internet.wireless (More info?)

Yes, but no hacker is going to invest one evening a week sitting outside
your house gathering data to crack the key you change every week (or every
day, if you're paranoid). An ordinary residence will be a target in order to
gain access to your ISP, not to gain access to your private data. Finding
your credit card number would be gravy, not the primary obejctive.

On the other hand, if you never change your key, spending one evening
cracking it would be a worthwhile investment of time to buy months of
unrestricted access to the internet via your ISP connection.

"Lucas Tam" <REMOVEnntp@rogers.com> wrote in message
news:Xns94C2580876075nntprogerscom@140.99.99.130...
> "JimboLee2@NETZER0@.NET" <anon@pop.netzero.net> wrote in
> news

ine.LNX.4.44.0404042324470.1411-100000@localhost:
>
> > If crackers would see the
> > WEP keys in plain text, what then if I use Hex of these non-printable
> > characters:
> >
>
> It doesn't matter - the programs reverse calculate the keys, so it doesn't
> matter what you use for your keys.
>
> As long as the program is able to capture enough packets... your keys will
> be cracked.
>
>
>
> --
> Lucas Tam (REMOVEnntp@rogers.com)
> Please delete "REMOVE" from the e-mail address when replying.
> http://members.ebay.com/aboutme/coolspot18/

Guest · Apr 5, 2004

Archived from groups: alt.internet.wireless (More info?)

On Mon, 05 Apr 2004 13:55:16 GMT, "gary" <pleasenospam@sbcglobal.net>
wrote:

>Yes, but no hacker is going to invest one evening a week sitting outside
>your house

You assume that the only peolpe interested in cracking the key would
be somebody in a car. In reality it could be a neighbor who can leave
his computer running all day and night until he cracks it. No
inconvenience at all.

>athering data to crack the key you change every week (or every
>day, if you're paranoid). An ordinary residence will be a target in order to
>gain access to your ISP, not to gain access to your private data. Finding
>your credit card number would be gravy, not the primary obejctive.
>
>On the other hand, if you never change your key, spending one evening
>cracking it would be a worthwhile investment of time to buy months of
>unrestricted access to the internet via your ISP connection.
>
>"Lucas Tam" <REMOVEnntp@rogers.com> wrote in message
>news:Xns94C2580876075nntprogerscom@140.99.99.130...
>> "JimboLee2@NETZER0@.NET" <anon@pop.netzero.net> wrote in
>> news

ine.LNX.4.44.0404042324470.1411-100000@localhost:
>>
>> > If crackers would see the
>> > WEP keys in plain text, what then if I use Hex of these non-printable
>> > characters:
>> >
>>
>> It doesn't matter - the programs reverse calculate the keys, so it doesn't
>> matter what you use for your keys.
>>
>> As long as the program is able to capture enough packets... your keys will
>> be cracked.
>>
>>
>>
>> --
>> Lucas Tam (REMOVEnntp@rogers.com)
>> Please delete "REMOVE" from the e-mail address when replying.
>> http://members.ebay.com/aboutme/coolspot18/
>

Guest · Apr 5, 2004

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, gary mused:
|
| Yes, but no hacker is going to invest one evening a week sitting outside
| your house gathering data to crack the key you change every week (or every
| day, if you're paranoid).

They wouldn't necessarily have to. They could be someone in the next
flat with all the time in the world to sniff packets.

gary · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

While it's true that the guy in the next flat doesn't haven't to sit in the
parking lot, he still has to invest as much as a day or more a week to
continually recrack your key if you change it once a week using randomly
selected hex keys. Since most routers and clients let you preconfigre a list
of 4 keys, if you just change this list once a week, you can set a new
default key every couple of days by clicking on a new list entry.

I'm certainly not trying to argue that WEP is as effective as WPA, but this
kind of precaution should eliminate the overwhelming majority of potential
hackers. If you have a neighbor that is willing to spend that kind of time
continually hacking your system, instead of looking for easier targets, then
the guy wants into your system really badly. You then have problems beyond
simple net security - this is the kind of person who would break into an
apartment.

The tradeoff is between whatever effort it will take you to successfully
upgrade both your router firmware, your client firmware, and possibly
Windows, and then get it all configured correctly, versus just configuring
the 128-bit WEP that comes standard with most routers. I'd rather see home
users at least move to WEP, rather than blow off security altogether, or
pretend that SSID broadcast disabling or MAC filtering are valid security
measures.

"mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailSPäM.com> wrote in message
news:1gecc.190875$Cb.1728715@attbi_s51...
> Taking a moment's reflection, gary mused:
> |
> | Yes, but no hacker is going to invest one evening a week sitting outside
> | your house gathering data to crack the key you change every week (or
every
> | day, if you're paranoid).
>
> They wouldn't necessarily have to. They could be someone in the next
> flat with all the time in the world to sniff packets.
>
>

ANON · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

On Mon, 5 Apr 2004, Lucas Tam wrote:

> "JimboLee2@NETZER0@.NET" <anon@pop.netzero.net> wrote in
> news

ine.LNX.4.44.0404042324470.1411-100000@localhost:
>
> > If crackers would see the
> > WEP keys in plain text, what then if I use Hex of these non-printable
> > characters:
> >
>
> It doesn't matter - the programs reverse calculate the keys, so it doesn't
> matter what you use for your keys.
>
> As long as the program is able to capture enough packets... your keys will
> be cracked.
>

Enough packet what? Those claims are just based on theories. You don't
even use *nix OS, what do you know.

ANON · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

fOn Mon, 5 Apr 2004, mhicaoidh wrote:

> Taking a moment's reflection, gary mused:
> |
> | Yes, but no hacker is going to invest one evening a week sitting outside
> | your house gathering data to crack the key you change every week (or every
> | day, if you're paranoid).
>
> They wouldn't necessarily have to. They could be someone in the next
> flat with all the time in the world to sniff packets.
>

The *nix based Kismet can see both WAPs and wireless LAN clients. With
Kismet you can reverse snoop how much packet your neighbor is
transmitting. You can also put a decoy Linux box emulating a WAP emitting
bogus packets with crons to change WEP from time to time.

Neil · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

Thanks All for the interesting responses, getting back to the original
question,

Can anyone point me to a reliable reference that gives guidance as to
the appropriate frequency of key changes (time or data) required to make WEP
128 bit practically safe ?

Regards,

Neil

"James Knott" <bit_bucket@rogers.com> wrote in message
news

Gacc.12431$L_8.5532@news01.bloor.is.net.cable.rogers.com...
> JimboLee2@NETZER0@.NET wrote:
>
> > If crackers would see the
> > WEP keys in plain text, what then if I use Hex of these non-printable
> > characters:
>
> Crackers don't see any plain text. The programs used to break the WEP,
> simply get enough info to calculate the key. Using non plain text keys
> only reduces the chance of someone using a dictionary attack.
>
> --
>
> Fundamentalism is fundamentally wrong.
>
> To reply to this message, replace everything to the left of "@" with
> james.knott.

Guest · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

"Neil" <me@home.com> wrote in news:c4rdsm$2td$1@otis.netspace.net.au:

> Can anyone point me to a reliable reference that gives guidance as to
> the appropriate frequency of key changes (time or data) required to
> make WEP 128 bit practically safe ?

We did answer your question... WEP is insecure, so no amount of keychanges
will secure your network.

I say change your key once every couple of months. If you're uber paranoid,
once a day or once a week.

Otherwise see if your AP supports WPA - it's much more secure.

--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

Guest · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

Lucas Tam <REMOVEnntp@rogers.com> wrote in
news:Xns94C2546F64B3Enntprogerscom@140.99.99.130:

> I say change your key once every couple of months. If you're uber
> paranoid, once a day or once a week.

Then again I haven't changed my 40-bit key in a couple years and never had
a problem.

--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

Guest · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

Lucas Tam <REMOVEnntp@rogers.com> wrote in
news:Xns94C2546F64B3Enntprogerscom@140.99.99.130:

> We did answer your question... WEP is insecure, so no amount of
> keychanges will secure your network.
>
> I say change your key once every couple of months. If you're uber
> paranoid, once a day or once a week.
>
> Otherwise see if your AP supports WPA - it's much more secure.

The insecurity of WEP is based on it being used for enough traffic that it
can be easily broken. But, if you just use it for routine email and web
browsing (and not for large file downloads) it can be many days (or more)
before that amount of traffic occurs. I don't recall numbers I've seen
when I was first looking at it, but it seemed like changing WEP keys weekly
was more than enough for a single user (such as my use only with my
laptop). This is a good question - it's a shame that there doesn't appear
to be such a URL available.

--
Tom McCune
My PGP Page & FAQ: http://www.McCune.cc/PGP.htm

Guest · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

Neil wrote:

> Can anyone point me to a reliable reference that gives guidance as to
> the appropriate frequency of key changes (time or data) required to make
> WEP 128 bit practically safe ?
>

That would depend on how much you use WiFi and how much time someone wants
to spend trying to crack the key.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

Guest · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

Lucas Tam wrote:

> Lucas Tam <REMOVEnntp@rogers.com> wrote in
> news:Xns94C2546F64B3Enntprogerscom@140.99.99.130:
>
>> I say change your key once every couple of months. If you're uber
>> paranoid, once a day or once a week.
>
> Then again I haven't changed my 40-bit key in a couple years and never had
> a problem.
>

That you're aware of. Do you have any means of determining if anyone's
"borrowing" your internet access?

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

Neil · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

Thanks for the responses,

You have all assisted greatly.

Regards,

Neil.

"gary" <pleasenospam@sbcglobal.net> wrote in message
news:eLhcc.5385$9Z3.2044@newssvr24.news.prodigy.com...
> While it's true that the guy in the next flat doesn't haven't to sit in
the
> parking lot, he still has to invest as much as a day or more a week to
> continually recrack your key if you change it once a week using randomly
> selected hex keys. Since most routers and clients let you preconfigre a
list
> of 4 keys, if you just change this list once a week, you can set a new
> default key every couple of days by clicking on a new list entry.
>
> I'm certainly not trying to argue that WEP is as effective as WPA, but
this
> kind of precaution should eliminate the overwhelming majority of potential
> hackers. If you have a neighbor that is willing to spend that kind of time
> continually hacking your system, instead of looking for easier targets,
then
> the guy wants into your system really badly. You then have problems beyond
> simple net security - this is the kind of person who would break into an
> apartment.
>
> The tradeoff is between whatever effort it will take you to successfully
> upgrade both your router firmware, your client firmware, and possibly
> Windows, and then get it all configured correctly, versus just configuring
> the 128-bit WEP that comes standard with most routers. I'd rather see home
> users at least move to WEP, rather than blow off security altogether, or
> pretend that SSID broadcast disabling or MAC filtering are valid security
> measures.
>
> "mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailSPäM.com> wrote in message
> news:1gecc.190875$Cb.1728715@attbi_s51...
> > Taking a moment's reflection, gary mused:
> > |
> > | Yes, but no hacker is going to invest one evening a week sitting
outside
> > | your house gathering data to crack the key you change every week (or
> every
> > | day, if you're paranoid).
> >
> > They wouldn't necessarily have to. They could be someone in the
next
> > flat with all the time in the world to sniff packets.
> >
> >
>
>

Guest · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

James Knott <bit_bucket@rogers.com> wrote in news:7Lncc.23495$L_8.4007
@news01.bloor.is.net.cable.rogers.com:

> That you're aware of. Do you have any means of determining if anyone's
> "borrowing" your internet access?

Yeah, my router logs haven't showed anything out of the ordinary... and my
AP's associated station log hasn't displayed anything strange either.

--
Lucas Tam (REMOVEnntp@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/

Guest · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

Neil wrote:
> Thanks All for the interesting responses, getting back to the original
> question,
>
> Can anyone point me to a reliable reference that gives guidance as to
> the appropriate frequency of key changes (time or data) required to
> make WEP 128 bit practically safe ?
>
> Regards,
>
> Neil
>
>
> "James Knott" <bit_bucket@rogers.com> wrote in message
> news

Gacc.12431$L_8.5532@news01.bloor.is.net.cable.rogers.com...
>> JimboLee2@NETZER0@.NET wrote:
>>
>>> If crackers would see the
>>> WEP keys in plain text, what then if I use Hex of these
>>> non-printable characters:
>>
>> Crackers don't see any plain text. The programs used to break the
>> WEP, simply get enough info to calculate the key. Using non plain
>> text keys only reduces the chance of someone using a dictionary
>> attack.
>>
>> --
>>
>> Fundamentalism is fundamentally wrong.
>>
>> To reply to this message, replace everything to the left of "@" with
>> james.knott.

How about applying a bit of common sense to your question? If you look
out your office window and see 1000 hackers with laptops, would you look
for a recommendation about the frequency of changing your WEP key, or
would you immediately change your WEP key? If you live out in the
countryside ten miles from the nearest neighbor, would you think it even
possible that 1000 hackers are going to show up outside your house any
time in the immediate future?

The level of risk is not researchable. The amount of effort required to
crack a key has been researched extensively. Only you can evaluate the
level of risk. If it takes four hours to crack a given key, if you
change the key every hour it should reduce the risk of being cracked to
zero. This makes sense if there are 1000 hackers outside your office.
It makes no sense at all if you live ten miles from the nearest neighbor
in the countryside.

Q

Guest · Apr 6, 2004

Archived from groups: alt.internet.wireless (More info?)

JimboLee2@NETZER0@.NET wrote:

>> As long as the program is able to capture enough packets... your keys
>> will be cracked.
>>
>
> Enough packet what? Those claims are just based on theories. You don't
> even use *nix OS, what do you know.
>

There are at least two ways to attack encryption.

1) Try to find the pass phrase. This requires dictionary attacks or words
that are likely to be used.

2) Try to calculate the key, from recovered packets. This involves
collecting enough packets, so that some analysys can be done to determine
the key.

Neither of the above requires *nix, though many of the commonly used
cracking tools are available for it.

--

Fundamentalism is fundamentally wrong.

To reply to this message, replace everything to the left of "@" with
james.knott.

Guest · Apr 7, 2004

Archived from groups: alt.internet.wireless (More info?)

Neil <me@home.com> wrote:
> Hi All,
>
> Can anyone point me to a reliable reference that gives guidance as to
> the appropriate frequency of key changes required to make WEP 128 bit
> practically safe ?

As a change, I thought I might actually answer the question asked.
I don't know if this is against the groups charter, or something

The time depends on the traffic.

IIRC, you need 7 million packets to be fairly sure of cracking a WEP key.
This is around 3-9Gb of transfer.

Taking one extreme, a G network transferring files at full bandwidth could be
cracked in as little as half an hour.

Someone running P2P over a 512K wireless ADSL link in 3-4 days.
A really light ADSL user may take weeks or months to generate that
much traffic.

Guest · Apr 7, 2004

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, gary mused:
|
| While it's true that the guy in the next flat doesn't haven't to sit in
| the parking lot, he still has to invest as much as a day or more a week to
| continually recrack your key if you change it once a week using randomly
| selected hex keys. Since most routers and clients let you preconfigre a
| list of 4 keys, if you just change this list once a week, you can set a
| new default key every couple of days by clicking on a new list entry.

Granted. But, for someone like me (who has at least three systems
running 24/7) it would not be any imposition to have one sniffing a
neighbour's wireless traffic. The software does all the work, and all I
need do is check in from time to time to monitor any results. Your solution
would be a hindrance, yes. But, anyone who is going to be diligent enough
to change their keys that frequently will be more likely to be running WPA.
;-)

Security using WEP 128 (104)bit

Distinguished

Guest

Guest

Guest

Guest

Distinguished

Guest

Guest

Guest

Guest

Guest

Guest

Distinguished

Guest

Guest

Guest

Guest

Distinguished

Distinguished

Distinguished

Distinguished

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Distinguished

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Guest

Share this page