Wireless LAN – WLAN
3.2 Development of WLAN security
BAT54-Rail/F.. Release 7.54 06/08

However, RC4 has one serious disadvantage: a particular RC4 key may only be
used once, for a single packet, as two different packets that have been
encrypted with the same RC4 key potentially provide the basis to reproduce the
original data. As it would be impracticable for the user to enter a new key
for every data packet, WEP combines this key with an additional internal
key, the initial vector (IV). This is automatically changed from packet to
packet.

The IEEE standard originally foresaw a relatively short key length of 40 bits,
which was probably oriented towards the then-existing US export restrictions
on strong cryptography; this variant in combination with the 24 bits of the IV
is usually referred to as WEP64. Most WLAN cards today support a variant
in which the user can configure a 104-bit key, which results in a 128-bit
RC4 key; correspondingly, this is often called WEP128. Less common are
key lengths of 128 bits (WEP152) or 232 bits (WEP256). In principle RC4
can work with key lengths of up to 2048 bits (WEP keys of up to 2024 bits),
although in practice key lengths reach a simple limit at the point where the
user can still manage to enter the columns of digits without making a mistake.

The IEEE standard specifies that up to four different WEP keys can exist in
one WLAN. The sender encodes the number of the WEP key used in the
encrypted packet along with the initial vector, so that the receiver can use the
appropriate key. The idea behind this was that old keys in a WLAN could
gradually be exchanged for new keys, since stations which had not yet
received the new key could still use an old key during a transition period.

One of the chief weaknesses of WEP is the length of the initial vector, which is
far too short. As mentioned previously, the repetition of a key with RC4
presents a significant security loophole, and with an IV length of just 24 bits
such a repetition can occur within just a few hours, depending on the data rate.
Since particular portions of the encrypted data packets can quickly offer
conclusive information about the key, an eavesdropper only needs to process a
small amount of the data traffic with specialized sniffer tools in order to
crack the key. These weaknesses unfortunately degraded WEP to an encryption
scheme which at best could be used to protect a home network against
'accidental eavesdroppers.'
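
The following added example (not part of the original manual) illustrates the two points made above: the per-packet RC4 key is the 24-bit IV combined with the configured WEP key, and two packets encrypted under the same IV share a keystream, so the XOR of their ciphertexts equals the XOR of their plaintexts. The key, payloads and the rate of 1000 packets per second are constructed assumptions, and the CRC-32 integrity value that WEP appends to each payload is omitted.

```python
# Added illustration: RC4 keystream reuse under WEP-style keying (IV || key).

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the generated keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encrypt(iv: bytes, wep_key: bytes, payload: bytes) -> bytes:
    """Per-packet RC4 key = 24-bit IV followed by the configured WEP key."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be exactly 24 bits")
    return rc4(iv + wep_key, payload)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hours_until_iv_space_used(packets_per_second: float) -> float:
    """Time until all 2**24 IVs were used once; repeats are then unavoidable."""
    return 2**24 / packets_per_second / 3600

def demo() -> dict:
    wep_key = bytes.fromhex("0102030405060708090a0b0c0d")  # constructed 104-bit key
    p1 = b"constructed packet one.."                       # constructed payloads
    p2 = b"constructed packet two!!"
    c1 = wep_encrypt(b"\x00\x00\x01", wep_key, p1)
    c2 = wep_encrypt(b"\x00\x00\x01", wep_key, p2)         # same IV, same RC4 key
    c3 = wep_encrypt(b"\x00\x00\x02", wep_key, p2)         # fresh IV, new RC4 key
    return {
        "same_iv_leaks_plaintext_xor": xor(c1, c2) == xor(p1, p2),
        "fresh_iv_leaks_plaintext_xor": xor(c1, c3) == xor(p1, p2),
        "hours_at_1000_pps": hours_until_iv_space_used(1000),  # assumed rate
    }

if __name__ == "__main__":
    print(demo())
```

At the assumed 1000 packets per second the IV space is used up in under five hours, which matches the "few hours" stated above.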