WEP: possible attacks
attacks based on weak IV
- Fluhrer, Mantin and Shamir (the S in RSA)
- applies when the IV takes specific values.
- collect the first byte of each packet emitted with a weak IV.
- this algorithm is used for example in AirSnort.
- requires *seeing* a large amount of traffic (~1 GB), but that traffic
could be solicited by a machine on the wired network belonging to the
attacker (e.g. by pinging).
- cracking duration is proportional to the number of bits of the key.
- can be patched: AP firmware upgrades, wireless PCMCIA card
drivers.
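
The "specific values" above, as an added example that is not part of the original slides: it checks IVs against the classic weak form from the Fluhrer, Mantin and Shamir paper, (A+3, 255, X), where A is the index of a secret key byte, and shows an IV counter that skips them. The function names, the big-endian counter layout and the idea that a patched driver filters IVs this way are assumptions; other weak IV classes exist and are not covered.

```python
from collections import Counter

IV_LEN = 3  # the WEP IV is 24 bits, sent in clear and prepended to the secret key


def is_fms_weak_iv(iv: bytes, key_len: int) -> bool:
    """True if iv has the classic FMS form (A+3, 255, X) with 0 <= A < key_len."""
    if len(iv) != IV_LEN:
        raise ValueError("WEP IV must be exactly 3 bytes")
    return iv[1] == 0xFF and 3 <= iv[0] < 3 + key_len


def next_safe_iv(counter: int, key_len: int) -> tuple[bytes, int]:
    """Advance a 24-bit IV counter, skipping weak IVs. Returns (iv, counter)."""
    while True:
        counter = (counter + 1) & 0xFFFFFF
        iv = counter.to_bytes(IV_LEN, "big")  # byte order is an assumption
        if not is_fms_weak_iv(iv, key_len):
            return iv, counter


def audit_ivs(ivs, key_len: int) -> Counter:
    """Count weak IVs in a capture, grouped by the key byte index A they relate to."""
    per_key_byte = Counter()
    for iv in ivs:
        if is_fms_weak_iv(iv, key_len):
            per_key_byte[iv[0] - 3] += 1
    return per_key_byte


# Constructed sample IVs (not taken from any real capture).
SAMPLE_IVS = [bytes(t) for t in [
    (3, 255, 10), (4, 255, 7), (3, 255, 200),
    (1, 2, 3), (16, 255, 0), (15, 255, 9),
]]

if __name__ == "__main__":
    # A 104-bit key (13 bytes) has more weak IV classes than a 40-bit key (5 bytes).
    for key_len, label in ((5, "40-bit"), (13, "104-bit")):
        print(label, dict(audit_ivs(SAMPLE_IVS, key_len)))
    iv, ctr = next_safe_iv(0x03FEFF, 5)  # the next 256 counter values are all weak
    print("next safe IV:", iv.hex(), "counter:", hex(ctr))
```

Skipping these IVs shrinks an already small 24-bit IV space slightly, so IV reuse remains a separate concern.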