North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: LEAP Security Vulnerabilities??
In message <[email protected]>, Richard A Steenberge n writes: > >On Thu, Jun 13, 2002 at 02:34:29PM -0500, Stephen Sprunk wrote: >> >> WEP's only real failure was the failure to specify keying; vendors (and >> users) with less security experience interpreted this to mean static >> keys were sufficient. >> >> The choice of RC4 was unfortunate given the above problem, but the >> coming switch to AES should fix that. > >Most existing wireless APs cannot keep up with 802.11b doing RC4 (which is >EXTREMELY light on the cpu) at line rate. RC4 if used properly is light-weight. 802.11 is employing it in an unnatural environment, and that causes trouble, including performance issues. More specifically -- RC4 is a stream cipher, which means that it must be employed over a reliable underlying data stream. It's perfect above TCP, for example. But 802.11 is a packet environment, with no underlying stream. Accordingly, the base RC4 key -- 40 bits or 112 bits -- is combined with a 24-bit number (sometimes a counter, sometimes random, but in either case sent in the clear in the packet) to form an actual RC4 key that's used to encrypt just a single packet. The problem is that key setup is roughly as expensive as encrypting 300 bytes or thereabouts. So all those 40-byte TCP ACK packets are a lot more expensive for crypto processing than they should be. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)
|