Explore the vulnerabilities of Wired Equivalent Privacy (WEP) encryption in this 46-minute Black Hat USA 2001 conference talk by Tim Newsham. Delve into the reasons for performing dictionary attacks on WEP and understand the intricacies of WEP encryption and authentication. Examine the flaws in 64-bit and 128-bit key generators, including reduced entropy due to ASCII mapping and PRNG use. Learn about the structure and implementation of a WEP cracker, including packet collection, key guessing, and verification techniques. Discover the implications of these vulnerabilities and related work in the field. Gain valuable insights into the weaknesses of early wireless security protocols and their impact on network security.
Overview
Syllabus
Introduction
Talk overview
Why Perform Dictionary attacks on WEP?
Wired Equivalent Privacy
WEP Encryption
WEP Authentication
128-bit Variant
WEP Keying
Key Entry Example
64-bit key Generator
64-bit Generator Flawed!
ASCI Mapping Reduces Entropy
PRNG Use Reduces Entropy
Entropy of 64-bit Generator is 21-bits
128-bit Generator
Designed and implemented a WEP Cracker
Structure of WEP Cracker
Packet Collector
Making Guesses
Mapping Guesses to Keys
Key Verification
Results
Brute Force of Keys
Implications
Related work - Bad News
That's All Folks...
Taught by
Black Hat
