Which WEP configuration can be exploited by a weak IV attack?

A. When the static WEP password has been stored without encryption
B. When a per-packet WEP key is in use
C. When a 64-bit key is in use
D. When the static WEP password has been given away
E. When a 40-bit key is in use
F. When the same WEP key is used to create every pack


One thought on “Which WEP configuration can be exploited by a weak IV attack?”

  1. Think Answer should be E. When a 40-bit key is in use.
    “Standard 64-bit WEP uses a 40 bit key (also known as WEP-40), which is concatenated with a 24-bit initialization vector (IV) to form the RC4 key. At the time that the original WEP standard was drafted, the U.S. Government’s export restrictions on cryptographic technology limited the key size. Once the restrictions were lifted, manufacturers of access points implemented an extended 128-bit WEP protocol using a 104-bit key size (WEP-104). ” from https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy
    Also you can find the following:
    Weakness: WEP’s use of RC4 is weak
    RC4 in its implementation in WEP has been found to have weak keys. Having a weak key means that there is more correlation between the key and the output than there should be for good security. Determining which packets were encrypted with weak keys is easy because the first three bytes of the key are taken from the IV that is sent unencrypted in each packet. This weakness can be exploited by a passive attack. All the attacker needs to do is be within a hundred feet or so of the AP.
    Out of the 16 million IV values available, about 9000 are interesting to the most popular attack tool, meaning they indicate the presence of weak keys. The attacker captures “interesting packets”, filtering for IVs that suggest weak keys. After that attacker gathers enough interesting packets, he analyzes them and only has to try a small number of keys to gain access to the network. Because all of the original IP packets start with a known value, it’s easy to know when you have the right key. To determine a 104 bit WEP key, you have to capture between 2000 and 4000 interesting packets. On a fairly busy network that generates one million packets per day, a few hundred interesting packets might be captured. That would mean that a week or two of capturing would be required to determine the key.
    The best defense against this type of attack is not to use those weak IV values. Most vendors are now implementing new algorithms that simply do not choose weak IVs. However, if just one station on the network uses weak keys, the attack can succeed.
    Abstract from: http://www.opus1.com/www/whitepapers/whatswrongwithwep.pdf
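The excerpt quoted in the comment above says the per-packet RC4 key starts with the cleartext IV and that vendors mitigate by never choosing weak IVs. The following is an added example, not code from the original page, the whitepaper or any vendor: it builds the per-packet key, skips weak IVs in an IV counter, and audits a list of observed IVs. It assumes the classic published FMS pattern (A+3, 255, X), which is narrower than the roughly 9000 values the excerpt attributes to its attack tool; the function names and the big-endian counter are hypothetical.

```python
# Added example. Assumes the classic FMS weak-IV form (A+3, 255, X), where A is
# the index of a secret key byte. Names and counter layout are hypothetical.
SECRET_LEN_WEP40 = 5     # 40-bit secret  + 24-bit IV = "64-bit WEP"
SECRET_LEN_WEP104 = 13   # 104-bit secret + 24-bit IV = "128-bit WEP"

def rc4_key(iv, secret):
    """Per-packet RC4 key: the cleartext 3-byte IV prepended to the static secret."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be exactly 3 bytes")
    return bytes(iv) + bytes(secret)

def is_fms_weak(iv, secret_len):
    """True if the IV matches (A+3, 255, X) for some secret byte index A."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be exactly 3 bytes")
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + secret_len

def next_safe_iv(counter, secret_len):
    """Return (iv, next_counter), stepping past any weak IV; wraps at 2**24."""
    while True:
        counter &= 0xFFFFFF
        iv = counter.to_bytes(3, "big")
        counter += 1
        if not is_fms_weak(iv, secret_len):
            return iv, counter & 0xFFFFFF

def audit_ivs(ivs, secret_len):
    """Weak IVs found in a capture, to check whether any station still emits them."""
    return [iv for iv in ivs if is_fms_weak(iv, secret_len)]

def weak_iv_count(secret_len):
    """Number of IVs in the 24-bit space matching the pattern (third byte is free)."""
    pairs = sum(is_fms_weak(bytes([a, b, 0]), secret_len)
                for a in range(256) for b in range(256))
    return pairs * 256

if __name__ == "__main__":
    # Constructed sample IVs, not taken from a real capture.
    seen = [bytes.fromhex(h) for h in ("000001", "03ff10", "0fff22", "10ff33")]
    print("weak IVs seen:", [iv.hex() for iv in audit_ivs(seen, SECRET_LEN_WEP104)])
    print("pattern matches, WEP-40: ", weak_iv_count(SECRET_LEN_WEP40))
    print("pattern matches, WEP-104:", weak_iv_count(SECRET_LEN_WEP104))
    print("next safe IV from 03ff00:", next_safe_iv(0x03FF00, SECRET_LEN_WEP104)[0].hex())
```

As the excerpt notes, skipping these IVs only helps if every station on the network does it.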
