RE: Dumb question abt. Wireless WEP security 2 - ssl

["Prasad S. Athawale" <athawale () buffalo edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

        >.wireless communicatins is done with 40bit rc4 cipher... NOT ssl
...

Agreed. It uses a 64 bit key (14 bit is plain text - hence 40 bit).
Some of them also use 128 bit (effective 114 bit).


        >rc4 has been broken back in feb 2001 by simple brute force, and/or
        >by people using dictionary or trivial passwords

Yes encryption has been broken - to reveal the underlying data - in
case the data was encrypted before being transmitted via WEP all you
get (after brute forcing WEP) is the data in encrypted form of the
earlier encryption.

        >even if you use wireless w/ ssh or ssl ... your encrypted ssh/ssl
        >data is ( wirelessly ) sniffed and decryptable since your initial
        >passwd/pass phrase was also sniffed

As regards SSL 'password' or rather 'passphrase' this gets decided
using conventional public key encryption schema viz . Diffie Helman/
RSA etc. This has nothing to do with WEP - and this encryption would
happen before the WEP is done - which would be at transmission time.

Hope my point is understood.

Any thought anyone ?
- -------------------------------------------------------------
Prasad S. Athawale
Graduate Student
University at Buffalo
- -------------------------------------------------------------
' there are 10 kinds of people in this world - those who understand
binary and those who don't'

- -----Original Message-----
From: Alvin Oga [mailto:alvin.sec () Virtual Linux-Consulting com] 
Sent: Sunday, January 25, 2004 4:25 PM
To: athawale () buffalo edu
Cc: security-basics () securityfocus com
Subject: Re: Dumb question abt. Wireless WEP security 2 - ssl


hi ya hth

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi!
>
> As per my understanding, the SSL channel - will not be compromised
> in case the password is discovered. Of course - in such a case you
> don't need to do any kind of sniffing etc, u can directly log in!
> but
> technically - the 48 byte passphrase used to encrypt the SSL
> connection (which uses a pre-determined encryption algo (RSA,DES
> etc)) is exchanged between the the server and the client before the
> https connection can be setup.
 
wireless communicatins is done with 40bit rc4 cipher... NOT ssl ...

rc4 has been broken back in feb 2001 by simple brute force, and/or
by people using dictionary or trivial passwords

even if you use wireless w/ ssh or ssl ... your encrypted ssh/ssl
data is ( wirelessly ) sniffed and decryptable since your initial
passwd/pass phrase was also sniffed

c ya
alvin

> ssh/ssl encryption doesnt help if you use insecure passphrases
> or an exploitable ssh daemon/clients
>
> (wireless stuff) wep is cracked ...
>
> more wireless fun
>       http://www.Linux-Sec.net/Wireless/


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBQBQ20IKN2ncVpx7SEQIMSACgzYSe+Db00EdWSQgC++W3SRJdAfcAoMWV
x+mr3C9upJzzGs1GRNaL3AjG
=oyK8
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------