From owner-freebsd-chat@FreeBSD.ORG  Wed Aug 13 02:52:01 2003
Return-Path: <owner-freebsd-chat@FreeBSD.ORG>
Delivered-To: freebsd-chat@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 635AD37B401
	for <chat@freebsd.org>; Wed, 13 Aug 2003 02:52:01 -0700 (PDT)
Received: from vhost109.his.com (vhost109.his.com [216.194.225.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5BC7743F3F
	for <chat@freebsd.org>; Wed, 13 Aug 2003 02:52:00 -0700 (PDT)
	(envelope-from brad.knowles@skynet.be)
Received: from [10.0.1.4] (localhost.his.com [127.0.0.1])
	by vhost109.his.com (8.12.6p2/8.12.3) with ESMTP id h7D9prKR091973;
	Wed, 13 Aug 2003 05:51:58 -0400 (EDT)
	(envelope-from brad.knowles@skynet.be)
Mime-Version: 1.0
X-Sender: bs663385@pop.skynet.be
Message-Id: <a0600120fbb5fb9f0a91c@[10.0.1.4]>
In-Reply-To: <3F3A0581.9010908@iconoplex.co.uk>
References: 
 <Pine.NEB.3.96L.1030811133518.66226B-100000@fledge.watson.org>
 <3F37D493.9050604@potentialtech.com>
 <44lltyij8s.fsf@be-well.ilk.org>
 <3F397708.7050803@potentialtech.com>
 <3F3A0581.9010908@iconoplex.co.uk>
Date: Wed, 13 Aug 2003 11:51:34 +0200
To: Paul Robinson <paul@iconoplex.co.uk>
From: Brad Knowles <brad.knowles@skynet.be>
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
cc: chat@freebsd.org
cc: Bill Moran <wmoran@potentialtech.com>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:09.signal
X-BeenThere: freebsd-chat@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Non technical items related to the community
	<freebsd-chat.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-chat>
List-Post: <mailto:freebsd-chat@freebsd.org>
List-Help: <mailto:freebsd-chat-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-chat>,
	<mailto:freebsd-chat-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Aug 2003 09:52:01 -0000

At 10:31 AM +0100 2003/08/13, Paul Robinson wrote:

>  Great, so I send you 10Mb of WEP traffic caught off the air, you
>  can decrypt it for me? You see, to me it's just a big mess of
>  encrypted traffic, but you obviously have some secret technique
>  (or should that be "t3kni|<" ?) for breaking it trivially. If
>  you can't, you've just shown it has some security advantage. Which
>  it has.

	Given the weak 24-bit IV that is common to both 64-bit and 
128-bit WEP, and the way this IV is frequently used, it should be 
pretty easy to crack.  Just a few hours near a busy wireless access 
point is usually more than enough.

	If you really do have 10MB of WEP traffic, odds are that's got 
enough information to be useful.

-- 
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)