# 64 bit WEP keys



## Viro (Apr 19, 2005)

I've been give some 64 bit keys (10 hex digits) for a wireless network at work. I have no idea how to use that with my Powerbook's Airport Extreme since it only accepts 40 bit or 128 bit keys. What are my options?


----------



## Zammy-Sam (Apr 19, 2005)

Is it possible to save a 10 digit hexcode on a 128bit key? 
Or maybe the WEP exchange is like a safe: it compares bit to bit and when the 64bits are done, it will simply drop the remaining 64bit from the 128bit key and allow the access.


----------



## Tommo (Apr 19, 2005)

As far as I could ascertain when I came across this, you cannot access a 64 bit WEP encrypted access point via Airport. I have a wireless setup that I can access using my G4 with a D-Link DWL-122 usb adaptor with 64 bit encryption with no problems.

However when I tried to connect a Powerbook which only had Airport the only way I could get it to work was set the accesss point to 128 bit encryption or turn encryption off.


----------



## Viro (Apr 19, 2005)

The thing at the moment is, after I type in 10 hex digits, the OK button is still grayed out since it thinks that I haven't typed in enough digits for 128 bit, and too many for 40 bit. 

Looks like I will have to convince the systems adminstrators at my uni to change everything to 128 bit: No small task.


----------



## Tommo (Apr 19, 2005)

A 128bit encryption key has 14 hex pairs in it, I'm not sure how many in a 40bit key.

I don't envy you trying to get them to change it.


----------



## Carlo (Apr 19, 2005)

40bit wep.. Im surprised they even bother. It would take all of 15 minutes for someone dedicated to the task to crack that wep key.

dunno about this 64bit wep key.. Normally its 40 or 128. 

it could be a 40bit key with the header info.. hrmmz


----------



## rbb (Apr 20, 2005)

There is no such thing as a 64-bit WEP Key, it is a 40-bit key with crap leading it.  The only size keys are 40-bit and 104-bit.  Manufactures add crap at the front of the key to make it 64/128-bit.


----------



## Darkshadow (Apr 20, 2005)

Hmm, I think the 40-bit key becomes a 64-bit key when hex encoded.  Or maybe that's the ASCII encoding of the hex.  Don't quite remember.


----------



## Viro (Apr 21, 2005)

OK.... so if I'm given a 10 digit key, what do I do with it?


----------



## Darkshadow (Apr 21, 2005)

Did you prepend *0x* to the digits when you pasted them?  IIRC, you need to do that (i.e. *0x123456789a*).


----------



## scruffy (Apr 23, 2005)

Coupla things

1 - each hex character represents 4 bits.  10 hex chars is a 40 bit number.

2 - WEP doesn't matter, and it doesn't really matter how many key bits you use.  The FBI demonstrated, using only publicly available software you or I could download today, cracking 128 bit WEP in 3 minutes.  Basically WEP is good for keeping well-meaning people from accidentally mooching your bandwidth.  Anyone who actually wants to listen in on your wireless traffic, will be able to, if WEP is all that's protecting it.

3 - There are two key lengths of WEP.  Marketing material refers to them as 64 and 128 bit WEP.  In reality, they are 40 and 104 bits, respectively - each method uses a 24 bit number called an initialization vector, which is transmitted in the clear, and appended to the actual key to encrypt and decrypt the data.  So, the marketers of course include the 24 bits in the claimed key length, even though the secret key data is only 40 or 104 bits.  

The initialization vector isn't crap, it's necessary for the encryption to be worth anything.  In fact, the current attack methods basically ignore the key length, and attack the fact that the initialization vector is so short - only 24 bits - and that WEP doesn't prevent reuse of the same value of the initialization vector.  The same value for the IV must never be reused, or your whole encryption scheme falls to pieces.  The fact that WEP doesn't have a method of enforcing this, and not the length of the keys, is the fundamental problem.

Incidentally, WPA is the replacement for WEP, and does some clever things to avoid reusing an IV.


----------

