Re: Proper WEP Code

From: Dan Williams <dcbw redhat com>
To: Aaron Konstam <akonstam sbcglobal net>
Cc: NetworkManager <networkmanager-list gnome org>
Subject: Re: Proper WEP Code
Date: Wed, 12 Dec 2007 12:10:31 -0500

On Wed, 2007-12-12 at 09:28 -0600, Aaron Konstam wrote:
> On Tue, 2007-12-11 at 17:10 -0500, Dan Williams wrote:
> > 
> > WEP ASCII passphrases are standardized, WEP104 passphrases are
> > de-facto
> > standard (some implemented hashing for 40-bit WEP keys, but that's not
> > really standardized at all), and Apple uses a completely different
> > hashing scheme for it's "password".
> > 
> > So no, WEP doesn't have a standardized passphrase->key hashing scheme.
> > That's why you get 3 choices.
> > 
> > WPA fixed this, where there is a standard for hashing a passphrase
> > into
> > a key, _plus_ they made it easy to differentiate a passphrase and a
> > hex
> > key, which is great because you can't do this with WEP, leading to
> > people using what _look_ like hex keys as actual WEP passphrases.
> > 
> > Dan 
> I am sure you think the above explanation is clear but it is not to me.
> >From what I have read the WEP pasphrase is the encryption key.
> and an ASCII passphrase is just a hex passphrase expressed in ASCII
> characters,
> 
> What is the difference between a passphrase and a hex key and where does
> hashing come in for WEP?

The standard WEP "passphrase" is a string up to 64 characters in length.
If less than 64 bytes, it gets repeated into a 64 byte buffer, which
them gets hashed with MD5.  The digest resulting from the MD5 hash is
then used as the actual WEP key that is given to the driver.

user input:    abcdefghijklm

1) repeat 'abcdefghijklm' over and over until 64 bytes are filled
2) hash the 64 bytes using MD5

wep key (hex): f343dcef2a6ea4ce5d63dabc45

A WEP "ASCII passphrase" is a 5 or 13 character ASCII string.  To derive
the actual WEP key, the ASCII values of the string are used directly for
the WEP key like so:

user input:    abcdefghijklm
wep key (hex): 6162636465666768696a6b6c6d

a = 61, b = 62, c = 63, d = 64, etc.

So the problem with ASCII passphrases is that the _range_ of values you
can enter is smaller and limited to the printable ASCII range, which is
roughly 0x20 -> 0x7E.  Note that in the standard WEP passphrase example
above, the passphrase contains the byte 0xF3 at the start, which is not
ASCII and therefore can't be contained in an ASCII passphrase.

The _best_ way to get a secure WEP key (not that WEP is secure _at all_)
is to have a random number generator generate the key for you.  Don't
use passphrases.

Dan

References:
- Proper WEP Code
  - From: nathanael . jansons
- Re: Proper WEP Code
  - From: Aaron Konstam
- Re: Proper WEP Code
  - From: Dan Williams
- Re: Proper WEP Code
  - From: Derek Atkins
- Re: Proper WEP Code
  - From: James M. Leddy
- Re: Proper WEP Code
  - From: Dan Williams
- Re: Proper WEP Code
  - From: Aaron Konstam

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]