Proof of Intent (was RE: [Long Rant] Re: Encryption Question)
Alex Satrapa
grail at goldweb.com.au
Tue Sep 18 23:45:04 EST 2001
At 13:40 -0400 2001-09-17, Dominick, David wrote:
>I am sorry, but I am not sure where you get your information. That is wrong.
>The encryption is irrelevant to the way we break WEP. The Initialization
>Vector is 24 bit period. that does not change based on encryption size.
>
>[quote snipped]
>
>http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
> is one of a hundred examples I can send you as to how to break WEP without
>cracking the encryption.
News flash - picket fences and garden gnomes don't provide physical
security either.
The point of that part of my rant was that someone has to *try* to
get in if you have WEP enabled. You wouldn't just stumble across
someone's network if WEP was enabled. You'd have to get (up to) five
hours worth of recorded traffic, either by parking your van outside
the office for (up to) five hours, or by driving past slowly every
few minutes to pick up a few seconds of traffic here, a few seconds
there... until you got a IV collision.
Like a picket fence out the front of your house, WEP provides a
border indicator - "This is my place, please stay out."
So let WEP stand for "Wireless Ethereal Picketfence", and you'll
understand where I'm coming from. Picket fences only keep honest
people out. The implication being that anyone who's entered your WEP
network is either invited or has invaded.
The WEP can serve as a proof of intent mechanism, Your Honour.
Though how one would go apprehending the villain sitting out front
your office in a Bedford truck with silvered windows... ring up the
Police and say the guy's stealing your radio waves?
Would catching someone in the middle of AirSnorting your WEP
"protected" network be equivalent to catching someone with their
lockpick in your front door lock?
Would the Police be allowed to ask, "Sir, please show us the contents
of your laptop?" as opposed to "Sir, please show us the contents of
your duffel bag?"
Would the Police even know what to look for?
On a different tack, using MAC restrictions means - at the very least
- that you and your friendly neighbour can have separate wireless
networks without accidentally stomping all over each other's
networks. It would be no fun at all if your DHCP server was
responding to DHCP requests from your friend's network, would it?
This isn't a privacy/security issue, it's a network integrity issue.
WEP and MAC restrictions are trivial to bypass, but WEP requires some
work (sniffing data for some time), and both bypasses require intent.
For this reason alone, I would enable WEP and MAC restrictions just
so that - on the off chance I caught someone snooping - I might
successfully prosecute in a Court of Law.
So I would use WEP, and I would use MAC restrictions - for polite
privacy, to prevent network level interference, and because it's
possible I could use attempts to bypass them as proof of intent.
--
Alex Satrapa tSA Consulting Group Pty Limited
ICQ: 5691434 1 Hall Street, Lyneham, Canberra 2603
PGP Key 0x4C178C9C fx: +61 2 6257 7311 ph: +61 2 6257 7111
PGP Fingerprint E4FA ADE6 97A4 3610 E008 A466 A03E 3D01 4C17 8C9C
More information about the wireless
mailing list