Proof of Intent (was RE: [Long Rant] Re: Encryption Question)

Alex Satrapa grail at goldweb.com.au
Tue Sep 18 23:45:04 EST 2001 

At 13:40 -0400 2001-09-17, Dominick, David wrote:
>I am sorry, but I am not sure where you get your information. That is wrong.
>The encryption is irrelevant to the way we break WEP. The Initialization
>Vector is 24 bit period. that does not change based on encryption size.
>
>[quote snipped]
>
>http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html
>  is one of a hundred examples I can send you as to how to break WEP without
>cracking the encryption.

News flash - picket fences and garden gnomes don't provide physical 
security either.

The point of that part of my rant was that someone has to *try* to 
get in if you have WEP enabled. You wouldn't just stumble across 
someone's network if WEP was enabled. You'd have to get (up to) five 
hours worth of recorded traffic, either by parking your van outside 
the office for (up to) five hours, or by driving past slowly every 
few minutes to pick up a few seconds of traffic here, a few seconds 
there... until you got a IV collision.

Like a picket fence out the front of your house, WEP provides a 
border indicator - "This is my place, please stay out."

So let WEP stand for "Wireless Ethereal Picketfence", and you'll 
understand where I'm coming from. Picket fences only keep honest 
people out. The implication being that anyone who's entered your WEP 
network is either invited or has invaded.

The WEP can serve as a proof of intent mechanism, Your Honour.

Though how one would go apprehending the villain sitting out front 
your office in a Bedford truck with silvered windows... ring up the 
Police and say the guy's stealing your radio waves?

Would catching someone in the middle of AirSnorting your WEP 
"protected" network be equivalent to catching someone with their 
lockpick in your front door lock?

Would the Police be allowed to ask, "Sir, please show us the contents 
of your laptop?" as opposed to "Sir, please show us the contents of 
your duffel bag?"

Would the Police even know what to look for?

On a different tack, using MAC restrictions means - at the very least 
- that you and your friendly neighbour can have separate wireless 
networks without accidentally stomping all over each other's 
networks. It would be no fun at all if your DHCP server was 
responding to DHCP requests from your friend's network, would it? 
This isn't a privacy/security issue, it's a network integrity issue.

WEP and MAC restrictions are trivial to bypass, but WEP requires some 
work (sniffing data for some time), and both bypasses require intent. 
For this reason alone, I would enable WEP and MAC restrictions just 
so that - on the off chance I caught someone snooping - I might 
successfully prosecute in a Court of Law.

So I would use WEP, and I would use MAC restrictions - for polite 
privacy, to prevent network level interference, and because it's 
possible I could use attempts to bypass them as proof of intent.
-- 
Alex Satrapa                      tSA Consulting Group Pty Limited
ICQ: 5691434                 1 Hall Street, Lyneham, Canberra 2603
PGP Key 0x4C178C9C        fx: +61 2 6257 7311  ph: +61 2 6257 7111
PGP Fingerprint E4FA ADE6 97A4 3610 E008  A466 A03E 3D01 4C17 8C9C

More information about the wireless mailing list