WEP: Difference between revisions
→Replay attacks: injection attacks |
|||
Line 3: | Line 3: | ||
== WEP payload == | == WEP payload == | ||
The plaintext payload has a 4 byte | The plaintext payload has a 4 byte (32 bit) CRC trailer. The message is then XOR'ed against a keystream. The ciphertext is then prepended by a 24 bit [[IV]]. | ||
== RC4 keystream == | == RC4 keystream == |
Revision as of 11:32, 8 August 2013
WEP stands for Wired Equivalent Privacy and was the first encryption used in Wifi (WLAN). It has been replaced with WPA2, however most wifi cards still support WEP for whatever reason.
WEP payload
The plaintext payload has a 4 byte (32 bit) CRC trailer. The message is then XOR'ed against a keystream. The ciphertext is then prepended by a 24 bit IV.
RC4 keystream
Given a 24 bit IV and either a 40 bit or 108 bit PSK an RC4 keystream is derived. A keystream is meant as a stream of bytes that look random but are reproduceable with the same IV and PSK.
24 bit IV
A random 24 bit IV is prepended to every encrypted payload. Given its limited size there will be IV collisions after so many frames. A collision means that the value is the same for two or more IV's. When an IV is the same that means that the keystream between those collision packets is the same as well.
Fluhrer, Mantin, and Shamir attack
This is a successful attack (also known as FMS attack) against WEP. It is used by the program aircrack-ng. Due to this WPA was invented supposedly.
Replay attacks
Replay attacks are possible with WEP, and they are the reason that people can replay ARP requests and gather IV's that way.
Injection attacks
Because the payload has a 32 bit CRC at the end someone can make a replay with an IP address changed. One needs to recompute the IP checksum which is 16 bits and recompute the 32 bit CRC at the end of the plaintext payload (802.11 header + IP packet + CRC32 checksum). Most firewalls should allow outgoing packets...