Re: [nsp] Encryption (was Re: Wireless LAN's)

From: Nick Bastin (nbastin@opnet.com)
Date: Thu Nov 09 2000 - 21:29:02 EST


On Thursday, November 9, 2000, at 02:02 PM, Tony Tauber wrote:
> A while ago I heard a similar assertion that the implementation
> of this encryption wasn't too strong. I accepted it at face value
> since it triggered in my mind that there might be some known-text
> type of approach that could be brought to bear since I can imagine
> that much of the regular traffic on ethernets has some known
> fingerprints (e.g. ARP requests/replies). However, taking the
> example above I break down the calculation this way:
>
> prompt-~114: bc -l
> 2^56/(1000000*60*60*24*365)
> 2284.93131779325012683916
>
> (Denominator: 1Mkeys/sec*60sec/min*60min/hr*24hr/day*365day/year)
>
> That is: well over 2,000 years to move through all possible 56-bit keys.
>
> Is this right? I don't know anything about how quickly or craftily
> brute-force attacks can actually move.

Strong, in cryptography, is an entirely relative term. It's relative to how badly you want the data and how much you want to spend. For less than $150k, you can slap together a specialized computer which can eat through the entire 56-bit key set in less than a week, and less than a day if you restrict yourself to 7-bit ASCII. Throw some more money at it, and you can process even faster. I don't think most large corporations would even bat an eye at spending a quarter million or so, so they could find out the trade secrets of their neighbors in half a week. Given enough money, 128-bit will fall as well. Also, it is important to remember that the bit lengths for 802.11b are 40-bit and 128-bit, not 56-bit and 128-bit, which makes it even easier. (Those vendors which advertise WEP-64 are taking the 40-bit key and adding a 24-bit host identifier, but it doesn't make the key any stronger, just longer, as the identifier never changes.)

--
Nick Bastin
Software Engineer
OPNET Technologies, Inc.
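
Added example, not part of either post: the key-search arithmetic from both messages in one place, comparing the 1M keys/sec rate from the quoted bc calculation with the rate implied by the reply's "56-bit in less than a week" figure. Function names are illustrative, and the 40 + 24 split for WEP-64 follows the reply's description.

```python
SECONDS_PER_YEAR = 60 * 60 * 24 * 365  # same year length as the quoted bc run
SECONDS_PER_WEEK = 60 * 60 * 24 * 7


def exhaust_seconds(secret_bits, keys_per_sec):
    """Worst-case time to try every key; the average case is half of this."""
    return 2 ** secret_bits / keys_per_sec


def implied_rate(secret_bits, seconds):
    """Keys/sec needed to cover a keyspace of secret_bits in `seconds`."""
    return 2 ** secret_bits / seconds


def effective_bits(advertised_bits, non_secret_bits):
    """Bits left to guess once the non-secret part of the key is removed."""
    return advertised_bits - non_secret_bits


def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("seconds", 1)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


def table():
    """Rows of (label, secret bits, time at 1M keys/s, time at week-rate)."""
    slow = 1_000_000                           # rate assumed in the quoted post
    fast = implied_rate(56, SECONDS_PER_WEEK)  # lower bound implied by the reply
    sizes = [("WEP-64 (40 secret + 24 fixed)", effective_bits(64, 24)),
             ("56-bit", 56),
             ("128-bit", 128)]
    return [(label, bits, human(exhaust_seconds(bits, slow)),
             human(exhaust_seconds(bits, fast))) for label, bits in sizes]


if __name__ == "__main__":
    for label, bits, at_slow, at_fast in table():
        print(f"{label:32} {bits:>3} bits  {at_slow:>28}  {at_fast:>28}")
```

The middle column reproduces the quoted 2,284.9-year figure for 56 bits; the last column shows what the same keyspaces cost at a rate that covers 56 bits in one week.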



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:20 EDT