Penetration Testing mailing list archives
Re: Wireless Pent-Test
From: "Raistlin" <raistlin () gioco net>
Date: Wed, 8 Oct 2003 11:49:53 +0200
This could be understood as "RC4 could be cracked", implying RC4 is weak, which is not true when used properly.
Sorry, I'm not a native speaker: of course what Cedric points out is totally correct. RC4 is weak when used multiple times with a fixed secret key and with a few bytes of initialization, which are sent out in cleartext. This is exactly how WEP uses RC4. The main point I was stressing is that there is another problem of the way in which WEP uses RC4, which is related to poorly chosen or "weak" IVs, leading to disclosure of key bits over time. Stefano "Raistlin" Zanero System Administrator Gioco.Net public PGP key block at http://gioco.net/pgpkeys --------------------------------------------------------------------------- Tired of constantly searching the web for the latest exploits? Tired of using 300 different tools to do one job? Get CORE IMPACT and get some rest. www.coresecurity.com/promos/sf_ept2 ----------------------------------------------------------------------------
Current thread:
- Wireless Pent-Test Cesar Diaz (Oct 06)
- Re: Wireless Pent-Test Daniel Nylander (Oct 06)
- Re: Wireless Pent-Test Matthew Leeds (Oct 06)
- Re: Wireless Pent-Test R. DuFresne (Oct 06)
- Re: Wireless Pent-Test Gregory Spath (Oct 06)
- Re: Wireless Pent-Test Seth Fogie (Oct 06)
- Re: Wireless Pent-Test Michael Sierchio (Oct 07)
- RE: Wireless Pent-Test Christopher Harrington (Oct 06)
- Re: Wireless Pent-Test Raistlin (Oct 07)
- Re: Wireless Pent-Test Cedric Blancher (Oct 08)
- Re: Wireless Pent-Test Raistlin (Oct 08)
- Re: Wireless Pent-Test Matthew Leeds (Oct 06)
- Re: Wireless Pent-Test Daniel Nylander (Oct 06)
- Re: Wireless Pent-Test n0g0013 (Oct 07)
- Re: Wireless Pent-Test goat (Oct 06)
- <Possible follow-ups>
- RE: Wireless Pent-Test Artes, Francisco (Oct 06)
- RE: Wireless Pent-Test Matthew Wagenknecht (Oct 06)
- RE: Wireless Pent-Test MJohnst5 (Oct 06)
- RE: Wireless Pent-Test Keith T. Morgan (Oct 06)
- Re: Wireless Pent-Test Gregory Spath (Oct 06)