RE: WEP attacks based on IV Collisions

From: pen-test@nym.hush.com
Date: Thu Jun 03 2004 - 16:43:39 EDT


> Authentication in WEP works quite surprisingly like this: AP
> sends a challengetext in clear (128 bit), supplicant answers
> with the same challengetext crypted with the wep key, AP checks
> correctness of the encryption and authenticates the client.

This is only true if Shared Key Authentication is in use. Vendors saw
this as moronic years ago. I'm not sure how many AP's (if any) use Shared
Key Authentication as the default, but every AP I've seen has had Open
System Authentication as an option (which essentially just skips that
step).



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:55 EDT