FreeBSD Security Advisory FreeBSD-SA-03:09.signal
paul at iconoplex.co.uk
Wed Aug 13 09:31:07 PDT 2003
Bill Moran wrote:
> to demonstrate whether or not it was really doable. Again, my memory
> could be off, but I think they showed that it took less than 15 minutes
> of sniffing to break WEP on average. Their report is quite detailed,
> including the exact (cheap) hardware that was required to capture the
> packets. Abuse google if you want the details. The last time I looked
> the data was still online.
It required 2Gbytes of traffic before frequency analysis (the tactic)
was viable. Since then, if you've patched your firmware, you'll have
stronger crypto available. If you don't patch, you don't enable it,
whatever, that's your problem, not WEP's. Sure, like any other security
issue, there will be sites running poor WEP crypto, but again, that's
like any other security vulnerability.
> OK, you caught me at my own game here, Mr English. You're right, I used
> the word incorrectly. But don't put words in my mouth. WEP _is_
> unsecure. There's no guessing about it.
Not much more so than most other on-the-wire public key crypto systems.
> *Hugs his WEP*
Awwwww.... but I thought it was evil? :-)
More information about the freebsd-chat