Strong WEP Key Generator
Jouni Malinen
jkmaline at cc.hut.fi
Mon May 5 16:49:22 EST 2003
On Mon, May 05, 2003 at 08:48:23AM +1000, Jason Hecker wrote:
> http://www.warewolflabs.com/portfolio/programming/wepskg/wepskg.html
I don't know whether one should really call anything related to WEP
"strong" ;-), but let's forget that for a moment and concentrate on key
generation..
What exactly makes those keys "strong"? The fact that the key space is
greatly reduced by limiting to printable characters? The 'random 64-bit
WEP key' is limiting 2^40 key space to 95^5, i.e., less than 2^33..
Or might it be the flawed algorithm used in "random" key generation?
I don't know how Math.random() is implemented, but if it is not
"secure", the key space is reduced further. In case of longer keys,
this will most certainly reduce the key space a lot.. For example, if
the pseudo-random number generator produces a sequence of 2^32 numbers,
your "strong" 256-bit keys end up having at most 2^32 different values,
i.e., they are in practice only 32-bit (or probably less) keys..
I would not call that strong key; it looks more like false sense of
security. Actually, that's quite good match for WEP security.. ;-)
In addition, "Custom WEP key" looks more like ASCII->hex converter than
passphrase-based key generation..
--
Jouni Malinen PGP id EFC895FA
More information about the wireless
mailing list