Researchers Put Nail in WEP’s Coffin
DarkReading.com | April 9, 2007
Its first flaws were exposed more than six years ago, but WEP continues to be one of the industry’s most popular means of encrypting wireless transmissions. Now German researchers say they’ve found a hack that might put the flawed protocol down once and for all.
Speaking at a conference in Hamburg, Germany over the weekend, three researchers from the Darmstadt University of Technology demonstrated their ability to extract a WEP encryption key from an intercepted stream of data in about three seconds.
From the researcher’s site.
it is possible to recover a 104 bit WEP key with probability 50% using just 40,000 captured packets. For 60,000 available data packets, the success probability is about 80% and for 85,000 data packets about 95%. Using active techniques like deauth and ARP re-injection, 40,000 packets can be captured in less than one minute under good condition. The actual computation takes about 3 seconds and 3 MB main memory on a Pentium-M 1.7 GHz and can additionally be optimized for devices with slower CPUs. The same attack can be used for 40 bit keys too with an even higher success probability.