LANCOM Reference Manual LCOS 3.50 Chapter 11: Wireless LAN – WLAN
218
Wireless LAN – WLAN
usually weaker than 40 or 104 bits (the current IEEE standards, for instance,
assume that a typical password has a strength of about 2.5 bits per character.)
The IEEE standard specifies that up to four different WEP keys can exist in one
WLAN. The sender encodes the number of the WEP key used in the encrypted
packet along with the IV, so that the receiver can use the appropriate key. The
idea behind this was that old keys in a WLAN could gradually be exchanged
for new keys, in that stations which had not yet received the new key could
still use an old key during a transition period.
Based on WEP, the 802.11 standard also defines a Challenge-Response
procedure for authentication of clients. The access point sends a clear-text
packet which contains a 128-byte long challenge, which the client encrypts
and sends back with WEP. If the access point can successfully decrypt this
answer (that is, the CRC is correct) and the result is the originally transmitted
challenge, it can assume that the client has a correct WEP key and thus is
authorised for access.
Unfortunately, this process provides a potential attacker with 128 bytes of
clear text and the corresponding encrypted text, which offer scope for crypto
analysis. Furthermore, many clients don't implement this variant, so that this
process, called Shared Key, is seldom used—instead, processes started after
the WLAN registration are used for authentication, such as 802.1x (see
below).
While the WEP process theoretically sounds good up to now, in practice there
are unfortunately serious flaws which significantly reduce the advantages—
regardless of the WEP key length used. These weaknesses really should have
been found by closer analysis at the time when WEP was being defined.
Unfortunately, no cryptology experts participated in the WEP definition
process, so these flaws only became obvious once the WEP process was
massively implemented thanks to the market success of 802-11b WLAN cards
(earlier 2MB designs often included no encryption at all—WEP is an optional
function in the 802.11 standard).
The chief weakness of WEP is the IV length, which is far too short. As already
mentioned, the reuse of a key in RC4 is a serious security loophole—but it
occurs in WEP at least every 16 million packets, when the IV counter overflows
from 0xfffff to zero. An 11MB WLAN can achieve a net data rate of around
5MB/sec; with a maximum packet length of 1500 bytes, that comes to about
400 packets per second at full throttle. After about 11 hours, the IV counter
would theoretically overflow, and an eavesdropper receives the information
needed to 'crack' the WEP key. In practice, the attacker will actually receive
this information much sooner. Mathematical analyses of RC4 have shown that