|
Penetration Testing
mailing list archives
Re: Wireless Pent-Test
From: "Raistlin" <raistlin () gioco net>
Date: Wed, 8 Oct 2003 11:49:53 +0200
This could be understood as "RC4 could be cracked", implying RC4 is
weak, which is not true when used properly.
Sorry, I'm not a native speaker: of course what Cedric points out is totally
correct.
RC4 is weak when used multiple times with a fixed secret key and with a few
bytes of initialization, which are sent out in cleartext. This is exactly
how WEP uses RC4.
The main point I was stressing is that there is another problem of the way
in which WEP uses RC4, which is related to poorly chosen or "weak" IVs,
leading to disclosure of key bits over time.
Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys
---------------------------------------------------------------------------
Tired of constantly searching the web for the latest exploits?
Tired of using 300 different tools to do one job?
Get CORE IMPACT and get some rest.
www.coresecurity.com/promos/sf_ept2
----------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- Re: Wireless Pent-Test, (continued)
RE: Wireless Pent-Test Maxime Rousseau (Oct 06)
Re: Wireless Pent-Test Michael J. Semaniuk (Oct 06)
RE: Wireless Pent-Test Steve De Doncker (Oct 06)
|
Intro
