
206    Chapter 4 • Communication Security: Wireless



              EXAM WARNING
                  The level of knowledge about WEP presented in this chapter is crucial to
                  functioning in a wireless environment, and should be something you
                  know well if you plan to work in such an environment. However, for the
                  Security+ exam, focus on what WEP is, its basic definition, and its basic
                  weaknesses.





             Security of 64-Bit vs. 128-Bit Keys

To a nontechnical person, it may seem that a message protected with a 128-bit encryption scheme would be twice as secure as a message protected with a 64-bit encryption scheme. However, this is not the case with WEP. Since the same IV vulnerability exists with both encryption levels, they can be compromised within similar time limits.

With 64-bit WEP, the network administrator specifies a 40-bit key, typically 10 hexadecimal digits (0 through 9, a through f, or A through F). A 24-bit IV is appended to the 40-bit key, and the RC4 key schedule is built from these 64 bits of data. This same process is followed in the 128-bit scheme. The administrator specifies a 104-bit key, this time 26 hexadecimal digits (0 through 9, a through f, or A through F). The 24-bit IV is added to the beginning of the key, and the RC4 key schedule is built.

Because the vulnerability stems from capturing predictably weak IVs, the size of the original key does not make a significant difference in the security of the encryption. This is due to the relatively small number of total IVs possible under the current WEP specification. Currently, there are a total of 16,777,216 possible IV values. Because every frame or packet uses an IV, this number can be exhausted within hours on a busy network. If the WEP key is not changed within a strictly defined period of time, all possible IV combinations can be intercepted from an 802.11b connection, captured, and made available for cracking within a short period of time. This is a design flaw of WEP, and bears no correlation to whether the wireless client is using 64-bit WEP or 128-bit WEP.
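The following sketch is an added example, not taken from the book: it builds the per-frame RC4 seed as IV followed by key for both key sizes and shows that a repeated IV exposes the XOR of two plaintexts regardless of key length, alongside how quickly the 24-bit IV space runs out. The keys, IV, plaintexts, and the 1,000 frames-per-second rate are constructed assumptions, and the WEP integrity check value is omitted.

```python
import math

IV_SPACE = 2 ** 24  # 16,777,216 possible 24-bit IVs

def rc4(seed: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the seed (key schedule, then output)."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with RC4(IV || key); the 3-byte IV travels in the clear."""
    stream = rc4(iv + key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hours_to_exhaust(frames_per_second: float) -> float:
    """Hours until a sequential IV counter must wrap at the given frame rate."""
    return IV_SPACE / frames_per_second / 3600

def frames_for_likely_collision() -> int:
    """Frames until a repeated IV is more likely than not if IVs are random."""
    return math.ceil(math.sqrt(2 * IV_SPACE * math.log(2)))

def reuse_leak(key: bytes) -> bool:
    """True if two frames sent under one IV leak the XOR of their plaintexts."""
    iv = bytes.fromhex("a1b2c3")  # constructed IV, deliberately reused
    p1, p2 = b"GET /index.html ", b"POST /login.php "  # constructed plaintexts
    c1, c2 = wep_encrypt(iv, key, p1), wep_encrypt(iv, key, p2)
    return xor(c1, c2) == xor(p1, p2)

KEY_64 = bytes.fromhex("0123456789")                   # constructed 40-bit key
KEY_128 = bytes.fromhex("0123456789abcdef0123456789")  # constructed 104-bit key

if __name__ == "__main__":
    print("64-bit WEP leaks on IV reuse: ", reuse_leak(KEY_64))
    print("128-bit WEP leaks on IV reuse:", reuse_leak(KEY_128))
    print("hours to exhaust IVs at 1000 fps:", round(hours_to_exhaust(1000), 2))
    print("frames for a likely random-IV repeat:", frames_for_likely_collision())
```

Both key sizes fail the same way because the only per-frame variation in the RC4 seed is the 24-bit IV.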

             Acquiring a WEP Key

As mentioned previously, programs exist that allow an authenticated and/or unassociated device within the listening area of the AP to capture and recover the WEP key. Depending on the speed of the machine listening to the wireless conversations,


          www.syngress.com