64 bit WEP keys
- Thread starter Viro
- Start date
As far as I could ascertain when I came across this, you cannot access a 64 bit WEP encrypted access point via Airport. I have a wireless setup that I can access using my G4 with a D-Link DWL-122 usb adaptor with 64 bit encryption with no problems.
However when I tried to connect a Powerbook which only had Airport the only way I could get it to work was set the accesss point to 128 bit encryption or turn encryption off.
However when I tried to connect a Powerbook which only had Airport the only way I could get it to work was set the accesss point to 128 bit encryption or turn encryption off.
Viro
Registered
The thing at the moment is, after I type in 10 hex digits, the OK button is still grayed out since it thinks that I haven't typed in enough digits for 128 bit, and too many for 40 bit.
Looks like I will have to convince the systems adminstrators at my uni to change everything to 128 bit: No small task.
Looks like I will have to convince the systems adminstrators at my uni to change everything to 128 bit: No small task.
Darkshadow
wandering shadow
Hmm, I think the 40-bit key becomes a 64-bit key when hex encoded. Or maybe that's the ASCII encoding of the hex. Don't quite remember.
Darkshadow
wandering shadow
Did you prepend 0x to the digits when you pasted them? IIRC, you need to do that (i.e. 0x123456789a).
scruffy
Notorious Olive Counter
Coupla things
1 - each hex character represents 4 bits. 10 hex chars is a 40 bit number.
2 - WEP doesn't matter, and it doesn't really matter how many key bits you use. The FBI demonstrated, using only publicly available software you or I could download today, cracking 128 bit WEP in 3 minutes. Basically WEP is good for keeping well-meaning people from accidentally mooching your bandwidth. Anyone who actually wants to listen in on your wireless traffic, will be able to, if WEP is all that's protecting it.
3 - There are two key lengths of WEP. Marketing material refers to them as 64 and 128 bit WEP. In reality, they are 40 and 104 bits, respectively - each method uses a 24 bit number called an initialization vector, which is transmitted in the clear, and appended to the actual key to encrypt and decrypt the data. So, the marketers of course include the 24 bits in the claimed key length, even though the secret key data is only 40 or 104 bits.
The initialization vector isn't crap, it's necessary for the encryption to be worth anything. In fact, the current attack methods basically ignore the key length, and attack the fact that the initialization vector is so short - only 24 bits - and that WEP doesn't prevent reuse of the same value of the initialization vector. The same value for the IV must never be reused, or your whole encryption scheme falls to pieces. The fact that WEP doesn't have a method of enforcing this, and not the length of the keys, is the fundamental problem.
Incidentally, WPA is the replacement for WEP, and does some clever things to avoid reusing an IV.
1 - each hex character represents 4 bits. 10 hex chars is a 40 bit number.
2 - WEP doesn't matter, and it doesn't really matter how many key bits you use. The FBI demonstrated, using only publicly available software you or I could download today, cracking 128 bit WEP in 3 minutes. Basically WEP is good for keeping well-meaning people from accidentally mooching your bandwidth. Anyone who actually wants to listen in on your wireless traffic, will be able to, if WEP is all that's protecting it.
3 - There are two key lengths of WEP. Marketing material refers to them as 64 and 128 bit WEP. In reality, they are 40 and 104 bits, respectively - each method uses a 24 bit number called an initialization vector, which is transmitted in the clear, and appended to the actual key to encrypt and decrypt the data. So, the marketers of course include the 24 bits in the claimed key length, even though the secret key data is only 40 or 104 bits.
The initialization vector isn't crap, it's necessary for the encryption to be worth anything. In fact, the current attack methods basically ignore the key length, and attack the fact that the initialization vector is so short - only 24 bits - and that WEP doesn't prevent reuse of the same value of the initialization vector. The same value for the IV must never be reused, or your whole encryption scheme falls to pieces. The fact that WEP doesn't have a method of enforcing this, and not the length of the keys, is the fundamental problem.
Incidentally, WPA is the replacement for WEP, and does some clever things to avoid reusing an IV.