how secure is 128bit WEP realistically?

vibe666

i keep hearing about how 128bit WEP is only slightly more secure than 40 or 60bit which can be broken with a few simple free downloadable tools off the net and a linux/windows laptop with the right knowledge, but how likely is it that someone will actually break the encryption and do something malicious with your AP?

I have an Airway Transport which I have connected directly to the ethernet port on my IOLBB prestige modem (desktop PC has the USB connection shared to the rest of my network) and although I have 128bit WEP running I can't use WPA with the AP (trying to get a firmware update, but it's like gettign blood from a stone with Airway, as I have to get an authorization code from them for the AP before I can do the update through the web interface on the AP itself). It won't let me use MAC filtering either wich is bothering me, so I only have the one line of defence.

I'm going to try and update the firmware but if that doesn't give me the features i want then I'm going to go for the linksys monster wifi(g) router with 4 ethernet ports and all the other knobs and whisles you'd expect.

so, back to my original question. if someone was wardriving and got a sniff of my AP (can't even turn off SSID broadcast on the damn thing) how long and how likely is it that someone could hack into my AP and do some damage? I'm thinking along the lines of using my net connection for nafarious things rather than anything else, as they won't get from the wifi connection onto my internal network through the modem.

Paulw

Some quick tips -

Change your WEP key frequently.
Turn off SSID broadcast
Use MAC addressing

If you do all three, then your network is as secure as possible.

Any encryption can be broken - given time and computing resources. 128bit is much more secure than 64bit. It's twice (or more) harder to crack.

oscarBravo

Paulw wrote:

128bit is much more secure than 64bit. It's twice (or more) harder to crack.

Notwithstanding any possible flaws in the WEP implementation, shouldn't the increase in difficulty be exponential? As in, the difficulty in cracking 128bit is the square of the difficulty in cracking 64bit?

64 bits is 18446744073709551616, while 128 bits is 3.402823669e+38 - a rather substantially larger number of possible keys.

tribble

Adding a single bit should in theory double the time it takes to brute force.

bminish

oscarBravo wrote:

Notwithstanding any possible flaws in the WEP implementation, shouldn't the increase in difficulty be exponential? As in, the difficulty in cracking 128bit is the square of the difficulty in cracking 64bit?

64 bits is 18446744073709551616, while 128 bits is 3.402823669e+38 - a rather substantially larger number of possible keys.

It's the flaws in WEP that make it so vulnerable, You need to sniff quite a bit of data to break 128 bit keys but since the sniffing operation is passive this may not be such a big deal.
Some newer implementations of WEP now avoid using vulnerable key combinations making wep a lot more secure

here is a tool for breaking wep if you wish to have a play with it
http://airsnort.shmoo.com/

theciscokid

vibe666 wrote:

i
so, back to my original question. if someone was wardriving and got a sniff of my AP (can't even turn off SSID broadcast on the damn thing) how long and how likely is it that someone could hack into my AP and do some damage? I'm thinking along the lines of using my net connection for nafarious things rather than anything else, as they won't get from the wifi connection onto my internal network through the modem.

Depends on the traffic, if its high volume - you need around 2 million data packets (of which approx. 4,000 weak keys are needed) - you could have it done in 3-4 hours

Rew

Paulw wrote:

Some quick tips -

Change your WEP key frequently.
Turn off SSID broadcast
Use MAC addressing

If you do all three, then your network is as secure as possible.

Its MORE secure but far from as secure as possible

Capt'n Midnight

oscarBravo wrote:

Notwithstanding any possible flaws in the WEP implementation, shouldn't the increase in difficulty be exponential? As in, the difficulty in cracking 128bit is the square of the difficulty in cracking 64bit?

64 bits is 18446744073709551616, while 128 bits is 3.402823669e+38 - a rather substantially larger number of possible keys.

a / it's not 64 bits it's 40 bits + 24 bits of a predictable "magic number"

b / at the 128 bit encryption there will be a weak packet every GB or so and that packet is relatively quick to break.

You can use other schemes like PPTP to cross encrypt everything too so more layers. IPSEC , CIPE , Zebedee are more secure but more difficult to setup.

WPA - not sure how secure this is but better then WEP

vibe666

i've read that with current technology WPA is 'more or less' unbreakable in any practical sense, although you know them sneaky hackers will have a damn good go at anything 'hackerproof' just to prove a point.

from what i understand it's down to the fact that after the initial setup of the WPA key (which apparently, according to my reading) isn't a lot different than WEP, the key is periodically changed by the AP (which then sends it to the PC in question automatically) for a random one well before that magic number required to break it or WEP is ever reached.

AFAIK anyway. from my limited understanding from what I've read.

oh, and i also saw that due to the weaknesses of the way WEP works, 128bit is definately only slightly more secure than 40 or 60bit, not even close to twice as hard to crack apparently.

yet again, I digress, anyway. so what you're saying is that unless I'm moving lots of data over the wifi connection (which I'm not) it should be safe.

it's only used for web browsing, and nothing more, so I don't think I need to worry then. my only worry was that it might be possible to hack the connection while it was sittign idle, but if it takes data going back and forth to do it (a gb or more from what cisco says) then i'll be safe for a month before i need to change my key, assuming someone has the patience to wait that long, of course.

Rew

WPA is WEP with a better encryption algorythem basically. It has a few extra bells and wistles but nothing of note.

WPA has a weakness if you use a fairly simple key. Its easy to avoide you just use somthing fairly random (ie not a real word).

Its put better HERE

Stated more accurately, the Pre-Shared Key (PSK) option of WPA, using
the recommended text-to-key hashing algorithm, has a little weakness.
And only when humans fail to use the recommended 20-character or larger,
mixed text, numerics, etc. type of pass-phrases (i.e. pass-phrases that
are more inherently resistant to dictionary attack). PSK mode is
expected to be used in home and SOHO environments.

This is not a problem for the IEEE 802.1X authenticated key management
(AKM) mode of operation for WPA. 802.1X AKM is expected to be used in
enterprise environments.

vibe666

ah well, i was kinda close.

Rew

vibe666 wrote:

ah well, i was kinda close.

LOL

Take all the precautions you can. If you keep you machines on the wireless patched and up to date the worst that can happen is that sombody will steal your bandwith. You have to access the threat. How much is anybody going to want to break in to your network/PC? The reality is most people just wont be bothered.

WPA if you can
128 WEP if you cannt use WPA
MAC filtering
Hidden ESSID if you can

I also tend to plug out my AP at night when I remember. Im not using it between 11pm and 6pm tthe next day. I leave it pluged out if im away.

The problems with WEP have been blown out of proportion. The flaws that were present in the early implimentations to the most part no longer exisit in newer hardware. The problem was not with the secure RC4 encryption but how the random seed or Initilisation Vector was generated. It led to occasional weak packets. When enough of these were collected the encrytion key can be found.
That said WEP has very poor key managment. In practice with new hardware WEP is secure and not subject to vurnerabilities that are widely reported.