Wednesday, April 4,2007 @ 12:45pm
Researchers: WEP no longer secure for wireless
Based at Darmstadt University in Germany, three researchers are suggesting that WEP is no longer a reliable security standard for wireless, InfoWorld reports. Their findings have been published in an official paper, which describes how a 104-bit WEP key can be extracted in approximately three seconds, with the necessary data being captured in less than a minute.
More importantly, perhaps, this can done with a 1.7GHz Pentium M processor -- substantially less power than has been needed in the past. While WEP vulnerabilities were first exposed in 2001, an attack required the accumulation of four million data packets, which took a substantial amount of processing to crack. Subsequent analysis reduced the packets needed, but only now has WEP become critically exposed. The Darmstadt group is recommending the use of two countermeasures: the first is an intrusion detection system, while the second is a cloak of "dummy" WEP keys, which hampers any predictive methods in an attack.