̈ Chapter 11: Wireless LAN – WLAN LANCOM Reference Manual LCOS 3.50
219
Wireless LAN – WLAN
for certain values of the RC4 key, conclusions may be drawn about the first
values of the pseudo-random sequence it generates—thus about the bytes
with which the beginning of the packet are encrypted. This property of RC4
can be relatively easily avoided, for instance by discarding the first bytes of the
pseudo-random byte sequence and only using the "later" bytes for
encryption, and this is often done nowadays when RC4 is used. But when this
discovery was first made WEP in its described form was already part of the
IEEE standard and indelibly incorporated into the hardware of the widely
distributed WLAN cards.
Very unfortunately, these "weak" values of RC4 keys can be recognised by
particular values in the first bytes of the RC4 key, and in WEP that happens in
the IV in each packet—which is transmitted in clear text. Once this
connection was discovered, specialised sniffer tools quickly appeared on the
Internet, which watched for packets with these 'weak IVs', and thus only had
to process a fraction of the total traffic. Depending on the amount of data
being transferred in a WLAN, such tools can crack the encryption in a fraction
of the time mentioned above. With longer WEP keys (such as 104 instead of
40 bits) this may take a little longer, but the time required for cracking grows
at best linearly with the key length, not exponentially, as is usually the case.
Unfortunately the CRC checksums contained in the packets also haven't lived
up to expectations. Ways were found to change encrypted packets under
certain conditions even without knowledge of the WEP key in such a way that
the CRC is still valid after decryption on the receiving end. So WEP therefore
cannot guarantee that a packet hasn't been changed on the way from sender
to receiver.
These weaknesses unfortunately degraded WEP to an encryption scheme
which at best could be used to protect a home network against 'accidental
eavesdroppers.' These discoveries gave rise to much controversy, gave WLAN
the reputation of being unsafe technology, and forced manufacturers to
action. WLAN is, however, a standardised technology, and better standards
don't come into being from one day to the next—which is why there were a
few intermediate steps to a secure solution, which at least blunted the worst
of WEP's design flaws.
11.2.3 WEPplus
As explained in the previous section, the use of 'weak' IV values was the
problem which weakened the WEP process most. Only a few weeks after the
publication, tools like 'WEPCrack' and 'AirSnort' appeared on the Internet,