[lug] wireless points in Boulder (fwd)
Ferdinand Schmid
fschmid at archenergy.com
Fri Apr 5 16:49:09 MST 2002
I disagree - if someone tells me they are doing 64bit encryption then I
don't want to see the first 24 bits wasted for a plain text IV. Some
companies actually call this 40 bit encryption (D-link and other
vendors).
Otherwise I could fill a 256 bit key with 128 bits of garbage and only
use the last 128 bit and call this 256 bit encryption. The actual
encryption algorithm however only uses 128 bit so cracking it only
requires cracking 128 bits and not 256 bits.
This nomenclature would be (and is) very deceiving to end users.
Ferdinand
"M. Warner Losh" wrote:
>
> In message: <Pine.LNX.4.21.0204051535130.20845-100000 at gemini.its.bldrdoc.gov>
> "J. Wayde Allen" <wallen at lug.boulder.co.us> writes:
> : The fact that anyone can even spoof mac addresses using 802.11b is
> : simply outrageous! Let alone the failed attempts for encryption. They
> : don't even have the numer of bits for encryption right! Lucent's claim
> : if 128 bit is really 104 bit - 64bit is really 40 bit...
>
> Actually, 64 and 128 bits *ARE* right. But the other 24 bits are the
> IV. The "secret" part of the key is 104bits, but they are doing
> 128bit encryption. Sadly, each packet contains 24bits of key which is
> the IV.
>
> The summary of the talk: "The folks that did WEP were
> cryptographically naive fokls that designed a massively insecure
> protocol."
>
> Warner
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
--
Ferdinand Schmid
Architectural Energy Corporation
Celebrating 20 Years of Improving Building Energy Performance
http://www.archenergy.com
More information about the LUG
mailing list