Quote:
|
Originally Posted by JStrider
i know you can find out the WEP encryption with some software that catches all the packets it can being sent and looks for certain "interesting" packets and after its gotten enough of them in can tell you the password... it normally takes a couple days at minimum... longer if their is low traffic...
|
I think you misunderstand the recent developments in WLAN security.
WEP itself is a fundamentally weak encryption protocol. I won't go into technical details here, but due to the statistical probability of reusing a particular IV (Initialization Vector) to generate your WEP key, it's possible to crack WEP if you capture a sufficient number of packets. In other words, if you "listen" long enough, capture the packets and "decode" them offline later.
What does this mean?
If you "listen" (or "capture") enough WLAN packets, you can break the WEP key by using some freely available tools. Basically this means you setup your laptop to intercept WLAN traffic, and use the packets you capture to crack the key (more details available upon request).
WPA (
WiFi
Protected
Access) introduces some significant enhancements to basic WEP to address these weaknesses. The most important contribution is a new (sub)protocol called TKIP. This stands for Temporal Key Integrity Protocol. It basically means that each and every packet uses a
different (or non-predictable) IV value to generate the particular WEP key value, thereby avoiding the statistical probability of a hacker ascertaining your basic WEP key.
WPA also introduces BKR (Broadcast Key Rotation) and MIC (Message Integrity Check) that address other, less well known, weaknesses.
Finally, WPA also provides a system for
key management, that allows the periodic regeneration of WEP keys,
irrespective of the added security provided by TKIP.
In otherwords, WPA hardens wireless security to level such that is
UNBROKEN and entirely secure.
Now, let's move on.
WPA is based upon WEP. And we know that WEP is fundamentally flawed. So the IEEE moved to introduce new security protocols to improve security in wireless networks. Hence the introduction of 802.11i (also known as WPA2).
Without going into too much detail, 802.11i/WPA2 replaces WEP entirely with a new block-cipher system based upon AES (or Advanced Encryption Standar). This is the encryption standard required by the US Government and Federal Agencies and is required for FIPS140 compliance (the Federal standard for encryption used for sensitive information).
What does this mean?
802.11i is even "stronger" than WPA. It should be considered the "next generation" of wireless security. Like WPA, it is currently unbroken and entirely secure.
THEREFORE...
WLANs have two options for copper-fastened security.
WEP with WPA (TKIP, MIC, BKR and key management)
or
802.11i / WPA2 (AES and key management)
Anyone who tells you WLANs cannot be secured doesn't know what they're talking about. If board-members want more information, or links to technical specs and documentation, just ask.
Mr Mephisto