From: Scott Schremmer (scotths@cs.washington.edu)
Date: Wed Nov 24 2004 - 07:20:22 PST
The paper discusses security flaws that were found in the WEP
protocol. The paper points out issues with the cypher chosen and message
authentication. It is interesting that some of the flaws are exacerbated
by the increased use of firmware. This eliminates creating something in
hardware only as a method of increasing its security and lack of reverse
engineeringly.
I recall when setting up my wireless network at home noting the
long key that needed to be entered into the network computers. That
seemed a security flaw right there as the key is now on many mobile
devices and it could perhaps be stolen when one is not at home/near their
network. The paper mentions that issues relating to the distribution of
keys can be significant.
It seems problematic to me that the standard papers are note easy
to obtain. We need to encourage the experts in the field to investigate
the standard and find the issues with it.
The paper does a good job of thoroughly explaining the issues.
More effort could have been made to consider solutions. Novel ways to
distribute keys? What code would be better than the crc, etc?
This archive was generated by hypermail 2.1.6 : Wed Nov 24 2004 - 07:20:23 PST