WEP: Difference between revisions
→Replay attacks: injection attacks |
m →Fluhrer, Mantin, and Shamir attack: added link |
||
| (5 intermediate revisions by one other user not shown) | |||
| Line 3: | Line 3: | ||
== WEP payload == | == WEP payload == | ||
The plaintext payload has a 4 byte | The plaintext payload has a 4 byte (32 bit) CRC trailer. The message is then XOR'ed against a keystream. The ciphertext is then prepended by a 24 bit [[IV]]. | ||
== RC4 keystream == | == RC4 keystream == | ||
Given a 24 bit IV and either a 40 bit or | Given a 24 bit IV and either a 40 bit or 104 bit [[PSK]] an [[RC4]] keystream is derived. A keystream is meant as a stream of bytes that look random but are reproduceable with the same IV and PSK. | ||
== 24 bit IV == | == 24 bit IV == | ||
A random 24 bit IV is prepended to every encrypted payload. Given its limited size there will be IV collisions after so many frames. A collision means that the value is the same for two or more IV's. When an IV is the same that means that the keystream between those collision packets is the same as well. | A random 24 bit IV is prepended to every encrypted payload (every frame). Given its limited size there will be IV collisions after so many frames. A collision means that the value is the same for two or more IV's. When an IV is the same that means that the keystream between those collision packets is the same as well. | ||
== Fluhrer, Mantin, and Shamir attack == | == Fluhrer, Mantin, and Shamir attack == | ||
This is a successful attack (also known as FMS attack) against WEP. It is used by the program aircrack-ng. | This is a successful attack (also known as FMS attack) against WEP. It is used by the program [[aircrack-ng]]. | ||
Due to this WPA was invented supposedly. | Due to this WPA was invented supposedly. | ||
== Replay attacks == | == Replay attacks == | ||
Replay attacks are possible with WEP, and they are the reason that people can replay [[ARP]] requests and gather IV's that way. | Replay attacks are possible with WEP, and they are the reason that people can replay [[ARP]] requests and gather IV's (and IV collisions) that way. | ||
== Injection attacks == | == Injection attacks == | ||
Because the payload has a 32 bit CRC at the end someone can make a replay with an IP address changed. One needs to recompute the IP checksum which is 16 bits and recompute the 32 bit CRC at the end of the plaintext payload (802.11 header + IP packet + CRC32 checksum). | Because the payload has a 32 bit CRC at the end someone can make a replay with an IP address changed. One needs to recompute the IP checksum which is 16 bits and recompute the 32 bit CRC at the end of the plaintext payload (802.11 header + IP packet + CRC32 checksum). | ||
Most | Most home routers should allow outgoing packets... | ||
Latest revision as of 03:08, 28 December 2013
WEP stands for Wired Equivalent Privacy and was the first encryption used in Wifi (WLAN). It has been replaced with WPA2, however most wifi cards still support WEP for whatever reason.
WEP payload
The plaintext payload has a 4 byte (32 bit) CRC trailer. The message is then XOR'ed against a keystream. The ciphertext is then prepended by a 24 bit IV.
RC4 keystream
Given a 24 bit IV and either a 40 bit or 104 bit PSK an RC4 keystream is derived. A keystream is meant as a stream of bytes that look random but are reproduceable with the same IV and PSK.
24 bit IV
A random 24 bit IV is prepended to every encrypted payload (every frame). Given its limited size there will be IV collisions after so many frames. A collision means that the value is the same for two or more IV's. When an IV is the same that means that the keystream between those collision packets is the same as well.
Fluhrer, Mantin, and Shamir attack
This is a successful attack (also known as FMS attack) against WEP. It is used by the program aircrack-ng. Due to this WPA was invented supposedly.
Replay attacks
Replay attacks are possible with WEP, and they are the reason that people can replay ARP requests and gather IV's (and IV collisions) that way.
Injection attacks
Because the payload has a 32 bit CRC at the end someone can make a replay with an IP address changed. One needs to recompute the IP checksum which is 16 bits and recompute the 32 bit CRC at the end of the plaintext payload (802.11 header + IP packet + CRC32 checksum). Most home routers should allow outgoing packets...
