North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: LEAP Security Vulnerabilities??

  • From: Steven M. Bellovin
  • Date: Sat Jun 15 18:36:52 2002

In message <[email protected]>, Richard A Steenberge
n writes:
>
>On Thu, Jun 13, 2002 at 02:34:29PM -0500, Stephen Sprunk wrote:
>> 
>> WEP's only real failure was the failure to specify keying; vendors (and
>> users) with less security experience interpreted this to mean static
>> keys were sufficient.
>>
>> The choice of RC4 was unfortunate given the above problem, but the
>> coming switch to AES should fix that.
>
>Most existing wireless APs cannot keep up with 802.11b doing RC4 (which is
>EXTREMELY light on the cpu) at line rate. 

RC4 if used properly is light-weight.  802.11 is employing it in an 
unnatural environment, and that causes trouble, including performance 
issues.

More specifically -- RC4 is a stream cipher, which means that it must 
be employed over a reliable underlying data stream.  It's perfect above 
TCP, for example.  But 802.11 is a packet environment, with no 
underlying stream.  Accordingly, the base RC4 key -- 40 bits or 112 
bits -- is combined with a 24-bit number (sometimes a counter, 
sometimes random, but in either case sent in the clear in the packet) 
to form an actual RC4 key that's used to encrypt just a single packet.  
The problem is that key setup is roughly as expensive as encrypting 300 
bytes or thereabouts.  So all those 40-byte TCP ACK packets are a lot 
more expensive for crypto processing than they should be.

		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com ("Firewalls" book)