Date: Wed, 13 Aug 2003 17:30:54 +0100 From: Paul Robinson <paul@iconoplex.co.uk> To: Bill Moran <wmoran@potentialtech.com> Cc: chat@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-03:09.signal Message-ID: <3F3A67BE.8060606@iconoplex.co.uk> In-Reply-To: <3F3A3EBD.1090905@potentialtech.com> References: <Pine.NEB.3.96L.1030811133518.66226B-100000@fledge.watson.org> <3F37D493.9050604@potentialtech.com> <44lltyij8s.fsf@be-well.ilk.org> <3F397708.7050803@potentialtech.com> <3F3A0581.9010908@iconoplex.co.uk> <3F3A3EBD.1090905@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Bill Moran wrote: > to demonstrate whether or not it was really doable. Again, my memory > could be off, but I think they showed that it took less than 15 minutes > of sniffing to break WEP on average. Their report is quite detailed, > including the exact (cheap) hardware that was required to capture the > packets. Abuse google if you want the details. The last time I looked > the data was still online. It required 2Gbytes of traffic before frequency analysis (the tactic) was viable. Since then, if you've patched your firmware, you'll have stronger crypto available. If you don't patch, you don't enable it, whatever, that's your problem, not WEP's. Sure, like any other security issue, there will be sites running poor WEP crypto, but again, that's like any other security vulnerability. > OK, you caught me at my own game here, Mr English. You're right, I used > the word incorrectly. But don't put words in my mouth. WEP _is_ > unsecure. There's no guessing about it. Not much more so than most other on-the-wire public key crypto systems. > *Hugs his WEP* Awwwww.... but I thought it was evil? :-) -- Paul Robinson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F3A67BE.8060606>