Wireless Encryptions
WEP - Wired Equivalent Privacy (WEP) algorithm
- See page 13 and pg 28 for pics ( Acsac.org )
- WEP uses 40-bit RC4 encryption
- uses 64 or 128-bit encryption keys
- WEP key is static
- RC4 is a stream cipher commonly used by SSL
- WEP is already cracked (in Feb 2001 ) by Scott Fluhrer, Mantin, Shamir
- Those exploit scripts were posted around Aug 2001 by someone
- WEP keys can be reversed in as little as 15 minutes ( Jerry Wang )
- the 24-bit IV (initialization vector) is used by 64-bit and 128-bit keys
- short IV subject to brute force attacks
- subject to man-in-the-middle attacks
- the message can be modified
- no user authentication
- no key management
TKIP - Temporal Key Integrity Protocol (replaces WEP )
- See page 13 and pg 28 for pic ( Acsac.org )
- initially referred to as WEP2
- uses 48-bit Initialization Vector
- starts with a shared 128-bit key among clients and access points
- combines the temporal key with the client's MAC address
- adds a relatively large 16-octet initialization vector
- still uses the RC4 to perform the encryption
- changes temporal keys every 10,000 packets
AES - Advanced Encryption Standard (to replace TKIP )
EAP - Extensible Authentication Protocol ( RFC-2284 )
EAP-MD5 - login and passwd
EAP-Cisco ( LEAP ) uses MS-CHAPv1 w/ known vulnerabilities
EAP-TLS uses X.509 digital certificates
EAP-TTLS ( PEAP ) alternative to EAP-TLS
WPA - Wi-Fi Protected Access ( Wi-Fi.org )
- up to 256-bit encryption keys
- WPA key is dynamic, changes every 50min on Linksys
- WPA-Personal mode, aka Pre-Shared Key (WPA-PSK)
- WPA-Enterprise mode, aka WPA-RADIUS
- WPA automatically generates a new unique encryption key periodically for each client
- uses temporal keys ( TKIP )
- user authentication ( Radius, LDAP )
- Supports MIC - Message integrity code - 64-bit cryptographic tag
- WPA2 uses AES instead of RC4
MIC - Message Integrity Check ( aka Michael )
SSN - Simple Secure Networks
RSA/HiFn - proposal include Ron Rivest
WEP Example Key
WlanResearch.com Cisco LEAP vs IPSec VPN
Mail-Archive.com
Change your key often to minimize WEP vulnerabilities
In WF1 the 802.11 WEP keys would be changed many times each hour, say
every 10 minutes. A parameter, P, determines how many times per hour
the key is to be changed, where P must divide 3600 evenly. The WEP
keys are derived from a master key, M, by taking the low order N
bits (N = 40, 104, whatever) of the SHA1 hash of the master key with
the date and time (UTC) of the key change appended.
WF1 - WEP fix-1
WEPkey = Bits[0-N](SHA1(M | yyyymmddhhmmss))
WF2 - WEP fix-2
WEPkey = Bits[0-N](SHA1(M | Sender's address | yyyymmddhhmmss))
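The WF1 and WF2 derivations above, as an added Python example (not code from the original page or the quoted proposal). The function names are hypothetical, and the page does not specify encodings, so the example assumes "|" is byte concatenation, the timestamp is ASCII, the sender's address is the raw 6-byte MAC, and the low-order N bits are taken from the digest read as a big-endian integer.

```python
import hashlib
from datetime import datetime, timezone


def rotation_stamp(now: datetime, p: int) -> str:
    """UTC time (yyyymmddhhmmss) of the most recent scheduled key change."""
    if p <= 0 or 3600 % p != 0:
        raise ValueError("P must divide 3600 evenly")
    period = 3600 // p                      # seconds between key changes
    now = now.astimezone(timezone.utc)
    into_hour = now.minute * 60 + now.second
    start = into_hour - into_hour % period  # floor to the period boundary
    return now.replace(minute=start // 60, second=start % 60,
                       microsecond=0).strftime("%Y%m%d%H%M%S")


def wep_key(master: bytes, now: datetime, p: int,
            n_bits: int = 104, sender: bytes = b"") -> bytes:
    """WF1 key when sender is empty, WF2 key when a sender address is given."""
    if n_bits % 8 or not 0 < n_bits <= 160:
        raise ValueError("N must be a multiple of 8, at most 160 (SHA1 size)")
    stamp = rotation_stamp(now, p).encode("ascii")
    # Assumption: "|" is byte concatenation, in the order the formulas list.
    digest = hashlib.sha1(master + sender + stamp).digest()
    # Assumption: low-order N bits of the digest read as a big-endian integer.
    low = int.from_bytes(digest, "big") & ((1 << n_bits) - 1)
    return low.to_bytes(n_bits // 8, "big")


if __name__ == "__main__":
    M = b"constructed-master-key"           # constructed sample value
    mac = bytes.fromhex("020000000001")     # constructed sender address
    t = datetime(2024, 3, 5, 14, 17, 42, tzinfo=timezone.utc)
    print("stamp:", rotation_stamp(t, 6))
    print("WF1  :", wep_key(M, t, 6).hex())
    print("WF2  :", wep_key(M, t, 6, sender=mac).hex())
```

Both ends must agree on UTC time to within the rotation period, since the timestamp is the only input that changes between keys.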