NEWS: Breaking WEP in minutes, or even seconds

Thats fine, you can refuse to answer the question, I have no issues with that. Let others draw their own inferences.

See my comment above. Being recently published or researched does not make it new material. Trust me, I spent many years in academia watching people rehash previous researchers data....

On Fri, 04 May 2007 00:03:37 +0100, Mark McIntyre wrote in :

I answered the question, your claim notwithstanding.

Obviously you do.

Indeed.

On Fri, 04 May 2007 00:05:09 +0100, Mark McIntyre wrote in :

Me too.

It is new material. If you had proof to the contrary, presumably you would have posted it by now. ;)

This is all getting very boring and this was not the first article posted to alt.internet.wireless about this.

If history serves as a guide, prepare to be bored some more...

The parrot needs a cage.

On Fri, 04 May 2007 08:47:25 +0100, kev wrote in :

As I said, new material -- that post is only a couple of weeks old.

I read the article. I saw nothing new. I posted that information. QED

You did not . The question in post 12 was "Try explaining what's being done here in your own words. "

to which you replied in post 13

"Try making a real contribution here instead of just trying to snipe at others. "

Since post 11 in this thread (when you copy-pasted the abstract of the paper) all you've done is post snide remarks.

If you plan to dissemble, remember that Google Groups will find you out.

On Fri, 04 May 2007 00:00:56 GMT, in alt.internet.wireless , John Navas wrote: ... and by the way, I'm out of this thread, so please consider my silence about any reply as meaning merely that I'm bored.

On Fri, 04 May 2007 17:43:09 +0100, Mark McIntyre wrote in :

I didn't write that.

On Fri, 04 May 2007 17:42:20 +0100, Mark McIntyre wrote in :

Actually I did.

Pot ... kettle ...

If you plan to distort the record, remember that Google Groups will find you out.

John Navas hath wroth:

* 19 days * 1,641,600 seconds * 27,360 minutes * 456 hours * 2 weeks (rounded down) In terms of internet time, where rumor and technology travel at FTL (faster than late) speeds, that approximates ancient history.

However, things may be getting even faster. The latest release of the Linux 2.6.21 kernel now banishes timer ticks, which were previously the fastest measure of time interval, such as the time interval between a new technology rumor leak and when it appears on Slashdot. As a general rule, if the news is signifigant, and has appeared somewhere for more than a week (excluding time zone compensation), everyone already knows about it. Two weeks, and it's ancient history. One month and it's obsolete. 6 months and it's ready for the closeout sale. One year and it's ready for the museum.

On Fri, 04 May 2007 20:06:44 -0700, Jeff Liebermann wrote in :

I disagree. Most clever Internet sound bites turn out to be mostly baloney. Internet articles do propagate rapidly, but then so did radio and TV. What matters is the propagation of _awareness_ and _comprehension_ not the speed of transmission.

Surely you meant to write _REPETITION_....

John Navas hath wroth:

True. The problem is how does one recognize the difference between fact and manure. I have a really crude method, that admittedly doesn't always work, but which is amazingly effective. I consider anything without numbers as junk. Also anything that promotes an agenda or sells a product or service is deemed suspicious. Numbers and agendas can be checked and tested. Personal opinions, unsubstantiated conclusions, and minimalist announcements, are far more difficult to verify. In other words, if the statement in question fails to be complete, accurate, and substantiated with numbers or facts, it's baloney. That include one-line generalizations, such as your statement above.

Please re-read my quoted paragraph. I'm not talking about the propagation time (time to pass a press release from it's original source to it's target audience). I'm talking about the ageing of said press release (how long it's been hanging around). Whether one understands the issues involved is not part of the problem. Recycling the original press releases unchanged does constitute some improvement in understanding (by repetition), but this is the very thing that others were complaining about.

Speaking for myself, I could do without most of your press releases. Admittedly, you sometimes offer something that I haven't seen and am interested in reading. What bothers me is that you offer no added value. A quote to generate interest and a URL is all that's provided. I don't care much about either as I usually read the original announcement before the commentators and pundits have had a chance to inject their agendas. However, if you would *ADD* your opinions, possibly some background, and perhaps some clue as to why it's important for alt.internet.wireless readers, I would consider it worth reading. I value your opinions (despite my constant opposition). I don't value your recycled press releases.

I'll make it easy and attempt to end the debate. If one person proclaims that they want you to continue posting recycled press releases and that they actually read them, then I'll shut up and cease complaining. However, if nobody claims that they want to read them, I suggest you seriously reconsider their effectiveness and value.

"Gone in 120 seconds: cracking Wi-Fi security"

Cracking the Wi-Fi security protocol WEP is a probability game. The number of packets required to successfully decrypt the key depends on various factors, luck included.

When WEP was compromised in 2001, the attack needed more than five million packets to succeed. During the summer of 2004, a hacker named KoreK published a new WEP attack (called chopper) that reduced by an order of magnitude the number of packets requested, letting people crack keys with hundreds of thousands of packets, instead of millions.

Last month, three researchers, Erik Tews, Andrei Pychkine and Ralf-Philipp Weinmann developed a faster attack (based on a cryptanalysis of RC4 by Andreas Klein), that works with ARP packets and just needs 85,000 packets to crack the key with a 95 per cent probablity. This means getting the key in less than two minutes.

Here's an interview with the three researchers. All three are studying at Darmstadt University of Technology, Germany. Tews, 24, is a Bachelor student; Pyshkin, 27, and Weinman, 29, are PhD students in Professor Johannes Buchmann's research group.

[SNIP MOST OF LONG INTERVIEW]

If we have hardware that can't be upgraded to support WPA, what is the best way to configure it?

Erik Tews: We think that WEP is DEAD now, there isn't much left to fix. If your hardware cannot speak WPA and you need wireless security, you should replace your hardare (which costs money) or alternatively configure any kind of VPN.

This interview shows that various WEP countermeasures are NOT effective against this attack. WEP should therefore NOT be used.

On Tue, 08 May 2007 09:16:20 -0700, Jeff Liebermann wrote in :

I personally don't see that as a real problem -- the difference is usually quite obvious to me.

I read it carefully the first time. I've now re-read it a second time, and my understanding is unchanged. I guess we're both having trouble comprehending what the other has written. ;)

I didn't say you were.

I fail to see the relevance. Please re-read my quoted paragraph.

That's wasn't the case here, as I'm sure you know.

Ah, now I understand what's going on. Fair enough, I'm sure you're easily able to filter them out. Hint: I post them with a subject beginning with "NEWS: ".

My perspective is different: I think adding my personal opinions would just tend to provoke flaming that would detract from the information value.

Sorry, but you have no more right to try to dictate the terms of my participation here than I do yours. I'm careful to post according to Usenet guidelines. If you don't like those guidelines, then I suggest you follow established procedures to try to modify them. In the meantime, I suggest you avoid this kind of personal meta-discussion, which is hypocritical, inappropriate, and clearly off-topic.

Thanks, I'll vote anyway: No more Navaspam styled as "NEWS".