Donkey On A Waffle : tags/crypto

Windows RNG Mayhem

Tue, 13 Nov 2007 11:01

An interesting paper -http://eprint.iacr.org/2007/419.pdf- was released 11/4/07 by some very sharp Israel based security researchers. The basic jist of this paper is that the random number generator in Windows 2K (and possibly other versions of Windows) is garbage. It's seeded poorly, runs in userland, and it appears that it's possible to not only gain access to future random values, but also all previous random values.

This has huge ramifications to things like SSL. Not only can you essentially crack SSL very rapidly, but it's also possible to historically crack captured conversations as well. A high level discussion of some of the issues can be found at:

http://www.eurekalert.org/pub_releases/2007-11/uoh-slf111207.php

Home | Tags: crypto, infosec | Category: /infosec | Link

WEP SUCKS!

Fri, 18 May 2007 10:00

So you probably already knew that WEP is trash. And if you didn't already know that little tidbit, you need to wake up and get into the year 2001 (or later). In 2001 WEP was first compromised, and since then the compromises have advanced multiple times. In 2001 it took approximately five million packets to crack a WEP key, in 2004 that number was down to 500,000. With the announcement of a recent new attack vector, that value has gone down to 85,000 packets and less than two minutes to crack a 104bit WEP key.

The attack, created by Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann, students at Darmstadt University, is a completely new approach.

"From a theoretical point of view, our algorithm is based on the following ideas. Andreas Klein, a German researcher, showed that there is a correlation in RC4 between Keybytes 1 to i-1, the keystream and the keybyte i. If the keybytes 1 to i-1 and the keystream are known, it is possible to guess the next unknown keybyte with a probability of about 1.36/256 which is a little bit higher than 1/256. We were able to show that it is also possible to guess the sum of keybytes i to i+k with a probability of more thatn 1.24/256.

In a WEP environment, the first three bytes of a packet key are always known and are called IV. Our tool tries to guess the sum of the next 1, 2, 3, ... to 13 keybytes for every packet. If enough packets have been captured, the most guessed value for a sum is usually the right one. If not, the correct value is most times one of the most guessed ones."

You can read the entire interview with the students at this link: Complete Interview
Additional news coverage is at this link:The Register Article
The entire paper released by the team can be found here: COMPLETE PAPER

Home | Tags: WEP, cracked, crypto | Category: /infosec | Link

About:

Tyler Shields
Creator/Philosopher/Slacker

Personal:

Homepage ~txs
Twitter Feed
txs_ Twitter RSS Feed

Tweet Tweet:

Calendar:

Categories:

/ (143)
  book_reviews/ (7)
  generic/ (35)
  humor/ (22)
  infosec/ (69)
  poker/ (3)
  programming/ (6)
  rants/ (1)

Book List:

05/2010::100% Done
Run for Your Life, by James Patterson and Michael Ledwidge

05/2010::100% Done
Chelsea Chelsea Bang Bang, by Chelsea Handler

04/2010::100% Done
My Horizontal Life A Collection of One-Night Stands, by Chelsea Handler

01/2010::100% Done
The Girl Who Played with Fire, by Steig Larrson

10/2009::100% Done
The Lost Symbol, by Dan Brown

more...

Pimping: